Privacy Policy

Date of Entry into Force: 01.09.2025

Last Update: 05.10.2025


Introduction.

This Privacy Policy describes how "JD Trade Solutions" SIA (hereinafter – “we”, “us” or “our”) collects, uses, and protects your personal information when you visit and use our online store [Name of your site, for example, www.jeeshop.eu (hereinafter – “Site”).

We are committed to protecting your privacy and processing your personal data lawfully, fairly, and transparently in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Personal Data Processing Law of the Republic of Latvia (Personas datu apstrādes likums), and other applicable regulatory acts of the Republic of Latvia, including Cabinet Regulation No. 620. We do not process special categories of personal data (e.g., health data) unless you provide them explicitly and with explicit consent.


1.      Data Controller.

The person responsible for processing your personal data is:

  • Company Name: "JD Trade Solutions" SIA
  • Registration Number: 40203568981
  • Legal Address: Rīga, Praulienas iela 2, LV-1021
  • Email for Data Protection Questions: [email protected]


2.      What Data Do We Collect and for What Purpose?

We collect and process the following categories of personal data for the specified purposes and on the following legal bases:

Purpose of Processing

Data Collected

Legal Basis

Order Placement and Fulfillment

Name, surname, delivery address, e-mail, phone number, purchase history.

Performance of a contract (GDPR Art. 6(1)(b)).

Financial Accounting and Bookkeeping

Transaction data, account details, invoice information.

Compliance with a legal obligation (GDPR Art. 6(1)(c)), e.g., the Law "On Accounting".

Marketing and Newsletter Distribution

Email address, name.

Your consent (GDPR Art. 6(1)(a)), which you can withdraw at any time.

Customer Service and Consultations

Name, e-mail, phone number, content of your inquiry, correspondence history.

Our legitimate interest in ensuring quality service (GDPR Art. 6(1)(f)).

Analytics and Site Improvement

IP address, device type, browser type, visit data (cookies).

Our legitimate interest in improving the Site's operation (GDPR Art. 6(1)(f)) for essential cookies; your consent (GDPR Art. 6(1)(a)) for analytical and marketing cookies.

Fraud Prevention

IP address, transaction data.

Our legitimate interest in protecting our business and customers (GDPR Art. 6(1)(f)).


We do not use automated decision-making or profiling that has legal effects on you (GDPR Art. 22). If we introduce it (e.g., with AI), we will notify you separately in accordance with the EU AI Act.


3.      To Whom Do We Transfer Your Data?

We do not sell your personal data. We may transfer them to trusted third parties (data processors) to ensure the functioning of our services:

  • Delivery Service Providers: Omniva, DPD for delivering your orders.
  • Payment Service Providers: Stripe, PayPal, for secure payment processing.
  • Email Marketing Platforms: [For example], if you subscribe to our newsletter.
  • Accounting and IT Companies that assist us in business operations and Site maintenance.
  • Government Authorities upon lawful request (e.g., State Revenue Service).

All our partners are required to ensure the same level of data protection as we do, based on data processing agreements (GDPR Art. 28).


4.      Transfer of Data Outside the EU/EEA.

Some of our partners (e.g., Google Analytics, Mailchimp) may be located outside the European Union. In such cases, we ensure that data transfers are carried out based on adequate safeguards, such as Standard Contractual Clauses approved by the European Commission, or EU adequacy decisions. We regularly assess the level of protection provided by recipients.


5.      How Long Do We Store Your Data?

We store your data no longer than necessary for the purposes for which they were collected, or longer if required by law:

  • Data for Order Fulfillment: Stored until the order is fulfilled and for the period necessary to handle claims (typically 2 years).
  • Accounting Data (Invoices): Stored for the period established by LR legislation (e.g., 5-10 years under the Law on Accounting).
  • Marketing Data: Stored until you withdraw your consent.
  • Cookie Data: Storage period depends on the cookie type but does not exceed 1 year.

After the expiration of the period, data is anonymized or deleted.


6.      Your Rights as a Data Subject.

In accordance with GDPR, you have the following rights:

  • Right of Access: You can request a copy of the data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to Be Forgotten”): You can request deletion of your data if there are no longer legal grounds for storage.
  • Right to Restriction of Processing: You can request restriction of the use of your data.
  • Right to Data Portability: You can request provision of your data in a structured, machine-readable format.
  • Right to Object: You can object to the processing of your data based on our legitimate interests.
  • Right to Withdraw Consent: If processing is based on your consent (e.g., for newsletters), you can withdraw it at any time.

To exercise these rights, please contact us by email: [email protected]

We will verify your identity for security and respond within 1 month from receipt of the request (with possible extension to 3 months for complex cases, of which we will notify you).


7.      Cookie Usage Policy.

Our Site uses cookies to improve your experience. Cookies are small text files stored on your device.

  • Essential Cookies: Necessary for the Site's functioning (e.g., for the shopping cart).
  • Analytical Cookies: Help us understand how you use the Site to improve it (e.g., Google Analytics).
  • Marketing Cookies: Used to display relevant advertising to you.

We request your consent for the use of analytical and marketing cookies via a cookie banner on your first visit to the Site. You can change your choice at any time in the cookie settings on our Site.


8.      Data Security.

We take all necessary technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. This includes data encryption (e.g., SSL for the site), access controls (role-based permissions), regular security audits, and backups. In the event of a data breach, we will notify DVI within 72 hours and you if the risk is high (GDPR Arts. 33-34).


9.      Changes to the Policy.

We may update this Privacy Policy from time to time. The current version will always be available on our Site. We will notify you of significant changes (e.g., new processing purposes) by email or via a notice on the Site.


10.  Contact Information and Right to Lodge a Complaint.

If you have questions about the processing of your data, contact us at [email protected].