representatives of clients that have purchased our hardware and use the Vendon System and Services (“Client”);
representatives of our business partners that distribute Vendon hardware and Services (“Distributor”);
persons who communicate with us and visitors of the vendon.net website;
processing of Personal Data by Vendon on behalf of Clients and Distributors.
Vendon shall process Personal Data in accordance with the applicable data protection laws and in respect of Data Subjects within the European Economic Area (“EEA”). Vendon shall comply with the requirements of European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
Vendon acts as a Controller in respect of the personal data of representatives of our Clients and Distributors, persons who communicate with us and visitors of the Vendon website. Contact details of the Controller are given below in Section 11.
When Vendon processes Personal Data that has been transferred to Vendon by the Clients or Distributors via the System, by using the Services or otherwise, Vendon acts as the Processor.
PROCESSING OF PERSONAL DATA BY VENDON AS DATA PROCESSOR
This section concerns Clients and Distributors of Vendon and processing of Personal Data that they submit to Vendon by using the System and the Services. The Client and Distributor are the Controllers in respect of data they provide to Vendon via the System.
Details of processing
Categories of Data Subjects. Vendon on behalf of the Client and Distributor processes Personal Data of their employees, representatives and other persons related to the respective Client and Distributor that are registered in the System under the Client’s and Distributor’s account or whose data are otherwise entered in the System.
Type of Personal Data. Vendon processes Personal Data that include name, last name, telephone number, e-mail address, password for the System account, language, working hours, position and other information that relate to Data Subjects shared with Vendon by the Clients and Distributors.
Nature and purpose of processing. Vendon processes Personal Data on behalf of the Client and Distributor in accordance with their instructions, and only stores and accesses the data for the purpose of providing the Client with the Services or otherwise executing our obligations under contract concluded with the Client or the Distributor.
Duration of processing. Vendon will process the aforementioned data for as long as Vendon has existing contractual relationship with the respective Client or Distributor. After termination of contractual relationship, we may continue to store some Personal Data, but limited to the minimum amount necessary for us to comply with our legal obligations.
Rights and obligations of Controller and Processor
The Client and Distributor confirms that the data transferred to Vendon has been acquired on a lawful basis and that Data Subjects have been informed about the fact that their Personal Data may be provided to Vendon and other third parties engaged by Vendon for the provision of the Services and maintaining the System.
Vendon shall not be liable for any claims or complaints from Data Subjects regarding any action taken by Vendon as a result of acting in accordance with instructions received from the Client and the Distributor.
Vendon will always process all Personal Data on behalf of the Client or Distributor following their instructions and in compliance with the applicable data protection laws and regulations including requirements of GDPR where applicable.
The Client and Distributor hereby authorizes Vendon to engage sub-processors, including sub-processors that are located outside EEA, for the purpose of administering and providing the Services, maintaining the System or otherwise executing the contractual relationship between Vendon and the Client or Distributor.
Vendon uses sub-processors that provide us services such as hosting and server co-location, communication delivery, product delivery, customer support, legal and financial advisors, among others.
Assistance to the Controller
Taking into account the nature of the processing, Vendon will assist the Client and Distributor with the provision of technical or organizational measures, insofar as possible, for the fulfilment of the Controller’s obligations in relation to:
Any requests from the Data Subjects in respect of access to or the rectification, erasure, restriction, portability, and objection to the processing of their Personal Data that Vendon processes on behalf of the Client or Distributor. In the event that a Data Subject sends such a request directly to Vendon, Vendon will promptly forward such request to the respective Client or Distributor; and
The investigation of Personal Data breaches and the notification to the Supervisory Authority and Data Subjects regarding such breaches; and
Where appropriate, the preparation of data protection impact assessments and, if necessary, carrying out consultations with any Supervisory Authority.
Return and deletion of data
Unless otherwise required by applicable law, Vendon has no obligation to store the Client’s and Distributor’s data after termination of the contractual relationship and deletion of the Client’s and Distributor’s account and all accounts associated with it.
At the choice of the Client and Distributor, Vendon will delete or return all the Personal Data to the Client and Distributor after the end of the contractual relationship relating to processing and shall delete existing copies, unless applicable law requires Vendon to store such Personal Data.
Data Processing Audit
If information provided upon the Client’s or Distributor’s request in its reasonable judgement is not sufficient to confirm Vendon’s compliance, then Vendon agrees to allow for and contribute to data processing audit.
Such audits are allowed to be carried out by independent third party with good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and election of such auditor must be mutually agreed by both the Client or Distributor and Vendon.
The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided at exclusively the cost and expense of the Client or Distributor, and we reserve the right to charge the Client or Distributor for any additional work or other costs incurred by us in connection with the Client using such rights. The rights to request the audit may be used once every 2 years.
The auditor will have to sign a confidentiality agreement, which includes the obligation not to disclose business information in its audit report, and the final report will also have to be provided to Vendon.
INFORMATION WE COLLECT
During the ordinary course of business Vendon collects information from potential and existing Clients and Distributors, website visitors and other persons that communicate with us. Some of this information constitutes Personal Data and in respect of such data Vendon is the Controller.
Information provided to Vendon
Our existing and potential Clients and Distributors provide us with the following information of their representatives: name, surname, e-mail address, phone number, country, company name. This information is necessary for Vendon to able to conclude contracts with Clients and Distributors and to create their accounts in the System.
When you communicate with us using contact information provided on our website, you provide us with your e-mail address, and/or phone number, and any other information that you share with us. This information is necessary for Vendon to be able to communicate with you and respond to your inquiries.
Information we collect automatically
HOW WE USE YOUR INFORMATION
In the context of business relationship, Vendon processes the collected information in order to:
negotiate, conclude and execute contracts with Clients and Distributors;
provide the Services and ensure proper functioning of the System;
communicate with Clients and Distributors about our Services, products, common projects and other matters;
communicate with potential clients, partners and other persons interested in our Services and products;
analyze and measure the use of our webpage and the Services so that we could make improvements;
inform about our products and Services;
protect legal interests of Vendon, our Clients, Distributors and other persons and for legal reasons such as, e.g. enforcing our contracts, complying with any applicable law and assisting law enforcement authorities.
Vendon only collects and processes your Personal Data where we have lawful basis and such basis vary depending on the respective category of data and the purposes for processing it.
Unless indicated otherwise, Vendon processes the collected Personal Data on the basis of legitimate interests and legal obligations. When you provide us with Personal Data that was not explicitly required by us, we process it on the basis of your consent.
Legitimate interests as basis for data processing include our interests in conducting business, managing and delivering the Services and products to existing Clients, informing potential clients about our Services and products, promoting and developing our Services and products, managing the relationships with Clients and Distributors, complying with any applicable law, ensuring information, system, network and cyber security.
In general, Vendon retains Personal Data until the purpose, for which the data has been collected, has been fulfilled. For example, we keep the Personal Data of Clients and Distributors for as long as the contractual relationship between us exists.
After the Client or Distributor terminates relationship with us by deleting Vendon account or otherwise terminating the contract with Vendon, we may continue to store certain information as reasonably necessary to comply with our legal obligations, to resolve disputes, if any, to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests.
SHARING YOUR PERSONAL DATA WITH THIRD PARTIES
For Vendon to be able to provide you with our Service, we work with third parties that provide us with different services we need in ordinary course of our business. Therefore, we share your Personal Data with such third-party service providers.
The categories of recipients of Personal Data include, hosting and server co-location service providers, communication and content delivery services providers, data and cyber security service providers, billing and payment processing service providers, web analytics, CRM and customer support software providers, courier delivery services, marketing service providers, IT service providers, legal and financial advisors, among others (“Third-Party Service Providers”).
Third-Party Service Providers only receive strict minimum amount of Personal Data as necessary for them to provide us with requested service. Vendon shares Personal Data only with such Third-Party Service Providers that are able to demonstrate that they have implemented appropriate measures to ensure that Personal Data is processed in compliance with GDPR and other applicable laws and regulations.
In certain situations, we might have a legal obligation to share your information with public authorities or other third parties.
Vendon may share your information with third parties when it is in our legitimate interest, e.g. in case of any merger, sale of assets, transfer of undertaking, or otherwise restructuring the provision of the Service.
Personal Data processed by Vendon may be transferred to Third-Party Service Providers and other recipients that are located outside of EEA. Vendon confirms that the data are transferred only to such Third-Party Service Providers and other recipients/sub-processors outside the EEA that are located in a territory that has been acknowledged by the European Commission as ensuring adequate level of protection or otherwise are able to provide appropriate safeguards, and always provided that enforceable rights and effective legal remedies are available for Data Subjects.
DATA SUBJECT'S RIGHTS
Furthermore, if you believe that Vendon has unlawfully processed your Personal Data, you have the right to submit a complaint to Vendon by using the contact information provided below, or you may submit complaint to a respective data protection Supervisory Authority in your country.
If you are an individual whose Personal Data has been provided to Vendon by our Client or Distributor (e.g. you are an employee of our Client), please contact the Client or Distributor to exercise your rights.
PERSONAL DATA SECURITY
Considering the potential risks and the nature of processing, Vendon has implemented reasonable and appropriate organizational, technical, and administrative measures in accordance with applicable data protection laws and regulations in order to protect the Personal Data.
Unfortunately, no data transmission or storage system is guaranteed to be 100% secure, therefore we cannot guarantee absolute security of information. Therefore, we encourage our Clients, Distributors and all users of the System to take care of the Personal Data processed via the System and set strong passwords for Vendon System account, limit access to devices and browser by signing out after the end of session, and as possible avoid providing Vendon with any sensitive information, disclosure of which could cause substantial harm to Data Subject.
All of Vendon’s authorized personnel involved in the processing of Personal Data have committed themselves to confidentiality obligations and shall not access or otherwise process Personal Data without authorization and if it's not necessary for the purposes such data was obtained in the first place.
In the event a Personal Data breach occurs, we will notify Data Subjects in compliance with the obligations set out in applicable laws and will provide reasonable assistance regarding the investigation of Personal Data breaches and the notification to the Supervisory Authorities.
, or by using the contact details below:
Attn: Data Protection Officer
Address: Ojāra Vācieša iela 6B,