Back to Home
Legal

GDPR Compliance

Last updated: April 29, 2026

Our Commitment to GDPR

DiVizion Creative Agency, based in Riga, Latvia, operates within the European Union and is fully subject to Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR). This page outlines how we meet our obligations as a data controller and, in certain contexts, as a data processor.

1. Data Controller Information

DiVizion Creative Agency
Riga, Latvia, European Union
Email: info@divizion.eu
Phone: +371 201 22225

2. Legal Bases for Processing

We process personal data only when we have a valid legal basis under Article 6 GDPR:

  • Article 6(1)(a) — Consent: For marketing emails and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Article 6(1)(b) — Contract: To perform our contractual obligations when you engage our services.
  • Article 6(1)(c) — Legal obligation: For accounting, tax, and other regulatory compliance requirements under Latvian and EU law.
  • Article 6(1)(f) — Legitimate interests: For business communications, fraud prevention, and service improvement — balanced against your rights and freedoms.

3. Data Subject Rights

Under Articles 15–22 of the GDPR, you are entitled to the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data where it is no longer necessary, where consent is withdrawn, or where processing was unlawful.
  • Right to restriction (Art. 18): Request that we limit how we use your data while a dispute is being resolved.
  • Right to data portability (Art. 20): Receive your personal data in a structured, machine-readable format and transfer it to another controller.
  • Right to object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
  • Rights related to automated decisions (Art. 22): We do not make decisions about individuals based solely on automated processing.

Submit requests to info@divizion.eu. We will respond within 30 calendar days. Complex requests may be extended by an additional two months, with notification provided.

4. Cookies and Tracking

Our website uses the following types of cookies:

  • Strictly necessary cookies: Essential for the website to function. These do not require consent.
  • Analytics cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). These require your consent and are only activated after you accept.
  • Marketing cookies: Used to deliver relevant advertising. These require your explicit consent.

You may manage or withdraw cookie consent at any time through your browser settings or by contacting us directly.

5. International Data Transfers

Where we use third-party service providers that process data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (BCRs) where applicable

6. Data Retention

Personal data is retained only as long as necessary for the purpose for which it was collected or as required by law:

  • Client and project data: up to 5 years after project completion (accounting obligations)
  • Inquiry / pre-contract data: up to 2 years
  • Consent records: for the duration of the relationship plus 3 years
  • Analytics data: up to 26 months

7. Data Security Measures

We implement technical and organisational security measures in line with Article 32 GDPR, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Access controls and authentication requirements
  • Regular security assessments
  • Staff awareness and data protection training
  • Incident response procedures

8. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the Latvian Data State Inspectorate within 72 hours where the breach is likely to result in a risk to individuals' rights (Article 33 GDPR)
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms (Article 34 GDPR)

9. Third-Party Processors

We work with selected third-party service providers who process data on our behalf. All processors are bound by Data Processing Agreements (DPAs) ensuring GDPR-compliant handling of personal data. Upon request, we can provide a list of key sub-processors.

10. Supervisory Authority

You have the right to lodge a complaint with the competent supervisory authority. As a company registered in Latvia, our lead supervisory authority is:

Datu valsts inspekcija (Data State Inspectorate)
Elijas iela 17, Riga, LV-1050, Latvia
Website: www.dvi.gov.lv

11. Updates to This Page

This GDPR Compliance page is reviewed at least annually and updated to reflect any changes in our data processing practices or applicable law. The revision date is shown at the top of this page.

12. Contact Our Data Protection Contact

For all GDPR-related enquiries, requests, or concerns:
info@divizion.eu  |  +371 201 22225