MADESTA Steel fabrication
since 2000
Send Request

Privacy Policy

How we collect, use and protect your personal data.

SIA MADESTA (“MADESTA”, “we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what personal data we collect when you visit madesta.lv, use our services or contact us, how we use and protect that data, and what rights you have under Regulation (EU) 2016/679 (GDPR) and the Latvian Personal Data Processing Law.

01 Data Controller

The data controller responsible for your personal data is:

SIA MADESTA

Rencēnu iela 8, Rīga, LV-1073, Latvia

Registration No: LV40003440441

Email: [email protected]

Phone: (+371) 66 065 809

If you have questions about this policy or wish to exercise your rights, contact us at the address above. We aim to respond within 30 calendar days.

02 Data We Collect

We may process the following categories of personal data, depending on how you interact with us:

Identification & Contact Data

  • Full name and job title
  • Company name and industry
  • Email address and telephone number
  • Postal address (if provided in correspondence)

Enquiry & Project Data

  • Messages, specifications and technical requirements you send us
  • Uploaded drawings, documents or attachments
  • RFQ (Request for Quotation) details and project scope

Technical & Usage Data

  • IP address and approximate geolocation (country / city level)
  • Browser type, version and operating system
  • Pages visited, time on site, referral source
  • Device type and screen resolution

We do not collect special categories of personal data (such as health, racial, political or religious data) and we do not engage in automated decision-making or profiling.

03 How We Collect Data

Source Examples
Directly from you Contact form submissions, RFQ requests, email correspondence, telephone calls
Automatically Cookies, server logs, analytics tools when you browse madesta.lv
Third parties LinkedIn (if you contact us via LinkedIn); publicly available business registers

04 Purposes & Legal Basis

We only process your personal data when we have a lawful basis to do so. The table below sets out each purpose, the data used and the applicable legal basis under GDPR Art. 6.

Purpose Data used Legal basis
Respond to enquiries and RFQ requests Contact data, enquiry data Legitimate interests (Art. 6(1)(f)) — responding to business correspondence is a core legitimate interest
Prepare and send quotations and proposals Contact data, project data Pre-contractual steps at your request (Art. 6(1)(b))
Perform a contract (if order placed) Contact data, project data Contract performance (Art. 6(1)(b))
Send product news and industry updates Contact data Legitimate interests (Art. 6(1)(f)) — existing business relationship; opt-out available at any time
Website analytics and improvement Technical & usage data Consent (Art. 6(1)(a)) — obtained via cookie banner
Comply with legal obligations (accounting, tax) Contact data, transaction data Legal obligation (Art. 6(1)(c))
Fraud prevention and IT security Technical data Legitimate interests (Art. 6(1)(f))

Where we rely on legitimate interests, you may object to the processing at any time by contacting us (see Section 13). We will cease processing unless we have compelling legitimate grounds that override your interests.

05 Data Recipients

We do not sell, rent or trade your personal data. We may share data only with the following categories of recipients, and only to the extent necessary:

Recipient category Purpose Safeguard
IT service providers (hosting, email infrastructure) Website operation, secure email delivery Data Processing Agreement (DPA)
Google LLC (Google Analytics) Website usage analytics (only with your consent) DPA + Standard Contractual Clauses
Professional advisors (lawyers, auditors) Legal compliance, financial auditing Confidentiality obligations
Public authorities Legal obligations, regulatory requests Legal requirement

All processors who handle data on our behalf are bound by a Data Processing Agreement requiring them to implement appropriate technical and organisational security measures.

06 International Transfers

We process your personal data primarily within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to Google LLC servers), we ensure an adequate level of protection using one or more of the following mechanisms:

  • European Commission adequacy decision for the destination country
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs) of the recipient organisation

You may request a copy of the applicable safeguards by contacting us at [email protected].

07 Retention Periods

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law.

Data category Retention period Reason
Enquiry & contact data (no contract) 3 years from last contact Legitimate interest in responding to follow-up enquiries
Contract-related data 10 years after contract end Latvian accounting and commercial law requirements
Analytics data (Google Analytics) 26 months Google Analytics default retention setting
Server logs (IP, access logs) 90 days Security monitoring and fraud prevention
Cookie consent records 12 months Documenting compliance with consent requirements

When data is no longer required, it is securely deleted or anonymised. You may request earlier deletion — see Section 8.

08 Your Rights

As a data subject under GDPR, you have the following rights. You can exercise them free of charge by contacting us (see Section 13). We will respond within one month and may extend this by two further months for complex or numerous requests.

Right of Access

Request a copy of the personal data we hold about you (Art. 15).

Right to Rectification

Ask us to correct inaccurate or incomplete data (Art. 16).

Right to Erasure

Request deletion of your data when it is no longer necessary or you withdraw consent (Art. 17).

Right to Restriction

Ask us to restrict processing while a dispute is resolved (Art. 18).

Right to Portability

Receive your data in a structured, machine-readable format (Art. 20).

Right to Object

Object to processing based on legitimate interests or for direct marketing (Art. 21).

Withdraw Consent

Withdraw consent at any time without affecting prior lawful processing (Art. 7(3)).

Right to Complain

Lodge a complaint with the Latvian supervisory authority (Art. 77).

Identity verification: To protect your privacy, we may ask you to verify your identity before we fulfil a request. We will not use the information provided for verification for any other purpose.

Supervisory authority: You have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija): www.dvi.gov.lv, Elijas iela 17, Rīga, LV-1050.

09 Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including:

  • TLS/HTTPS encryption on all website connections
  • Access controls and role-based permissions for internal systems
  • Regular security reviews and vulnerability assessments
  • Staff training on data protection and information security
  • Data minimisation — we only collect what is strictly necessary

No method of electronic transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately at [email protected]. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and, where required, inform you directly.

10 Cookies

We use cookies and similar technologies to operate the website and, with your consent, to analyse usage. For a full description of the cookies we set, their purpose and duration, and how to manage your preferences, please see our Cookie Policy.

You can withdraw or update your cookie consent at any time using the cookie settings link in the website footer, or by adjusting your browser settings. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

11 Children

Our website and services are directed at businesses and professional users. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

12 Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.

If changes significantly affect how we process your data, we will notify you by email (if we hold your contact details) or by displaying a prominent notice on the website prior to the change taking effect.

13 Contact & Complaints

For any privacy-related questions, requests to exercise your rights, or concerns, please contact us:

SIA MADESTA — Data Protection

Rencēnu iela 8, Rīga, LV-1073, Latvia

Email: [email protected]

Phone: (+371) 66 065 809

If you are not satisfied with our response, you have the right to lodge a complaint directly with the Latvian Data State Inspectorate:

Datu valsts inspekcija (Data State Inspectorate)

Elijas iela 17, Rīga, LV-1050, Latvia

Website: www.dvi.gov.lv