Juice Digital Agency — digitālā mārketinga aģentūra
SIA JUICE DIGITAL AGENCY

Privacy Policy

Effective date: 31 May 2026
Last updated: 31 May 2026

1. General provisions

This Privacy Policy (hereinafter - the "Policy") has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter - "GDPR"), as well as the Personal Data Processing Law of the Republic of Latvia (Fizisko personu datu apstrādes likums).

This Policy sets out how SIA JUICE DIGITAL AGENCY collects, processes, stores and protects the personal data of website visitors and clients.

By using our website or services, you confirm that you have read this Policy and agree to its terms.

2. Data controller details

The data controller within the meaning of Article 4(7) of the GDPR is:

Company name: SIA JUICE DIGITAL AGENCY
Registration number: 42103106956
VAT registration number: LV42103106956
Registered address: Augusta Dombrovska iela 49-35, Rīga, Republic of Latvia
Email: hello@juicelatvia.lv
Website: www.juicelatvia.lv

For all enquiries relating to the processing of personal data, data subjects may contact the Controller at the email address provided above.

3. Categories of personal data processed

The Controller processes the following categories of personal data:

3.1. Data provided directly by the data subject

  • First name and surname
  • Email address
  • Phone number
  • Organisation name and job title
  • Content of messages and enquiries submitted via the contact form or email
  • Information provided when booking a consultation via the Calendly service

3.2. Data collected automatically when using the website

  • IP address and approximate geographic location
  • Browser type, operating system and device
  • Pages viewed on the website, time of visit and session duration
  • Referral URL (source of visit to the website)
  • Cookie and similar tracking technology data

3.3. Data received from third-party sources

  • Analytical and advertising data from Google Analytics, Google Ads
  • Interaction data from Meta platforms (Facebook, Instagram)
  • Data from the LinkedIn professional network

The Controller does not process special categories of personal data referred to in Article 9 of the GDPR (data concerning health, racial or ethnic origin, political opinions, etc.).

4. Purposes and legal bases for processing

The Controller processes personal data on the following legal bases in accordance with Article 6 of the GDPR:

4.1. Performance of a contract (Article 6(1)(b) GDPR)

Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract:

  • Processing enquiries received via the contact form or email
  • Negotiations and conclusion of service agreements
  • Performance of obligations under concluded contracts, project management
  • Invoicing and settlement of payments

4.2. Compliance with a legal obligation (Article 6(1)(c) GDPR)

Processing is necessary for compliance with applicable legal requirements:

  • Maintaining accounting and tax records in accordance with the laws of the Republic of Latvia
  • Compliance with the Accounting Law (Grāmatvedības likums)
  • Fulfilment of instructions issued by competent state authorities

4.3. Legitimate interests of the Controller (Article 6(1)(f) GDPR)

Processing is necessary for the purposes of the legitimate interests pursued by the Controller, which are not overridden by the rights and freedoms of the data subjects:

  • Analysis of website usage and improvement of its functionality
  • Ensuring information security and prevention of fraud
  • Protection of the Controller's legal rights and interests in the event of disputes

4.4. Consent of the data subject (Article 6(1)(a) GDPR)

Processing is carried out on the basis of a freely given, specific, informed and unambiguous consent of the data subject:

  • Sending marketing and informational newsletters
  • Use of analytical and marketing cookies
  • Display of personalised advertising on Google and Meta platforms

The data subject has the right to withdraw their consent at any time by sending a request to hello@juicelatvia.lv. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

5. Recipients of personal data

The Controller may transfer personal data to the following categories of recipients:

5.1. Data processors (sub-processors)

The Controller engages third parties to process personal data on behalf of the Controller under written data processing agreements ensuring compliance with the GDPR:

  • Google LLC (USA) - Google Analytics, Google Ads, Google Workspace services. Transfer of data to a third country is carried out on the basis of Standard Contractual Clauses approved by the European Commission.
  • Meta Platforms Ireland Limited (Ireland) - Facebook and Instagram advertising services.
  • Calendly LLC (USA) - meeting and consultation scheduling service. Transfer of data to a third country is carried out on the basis of Standard Contractual Clauses.
  • Lovable Technologies - website hosting platform.
  • IT infrastructure, cloud hosting and project management software providers.

5.2. Other recipients

  • State authorities of the Republic of Latvia and the European Union - upon lawful request within the scope of their competence
  • Auditors, legal and financial advisors of the Controller - within the scope of professional services, subject to confidentiality obligations

The Controller does not sell or transfer personal data to third parties for commercial purposes without the consent of the data subject.

6. Transfer of data to third countries

Where personal data is transferred outside the European Economic Area (EEA), the Controller ensures an adequate level of data protection by means of:

  • Standard Contractual Clauses approved by the European Commission (Article 46(2)(c) GDPR)
  • Engaging only with organisations certified under applicable adequacy mechanisms

7. Retention periods for personal data

The Controller retains personal data for no longer than necessary to achieve the purposes of processing, taking into account the requirements of applicable legislation:

Category of dataRetention periodBasis
Correspondence and enquiries (not resulting in a contract)2 years from the date of last contactLegitimate interests
Contracts and related documentation10 years from the date of contract expiryAccounting Law of the Republic of Latvia
Accounting documents and invoices10 yearsAccounting Law of the Republic of Latvia
Marketing newsletter dataUntil consent is withdrawn or unsubscriptionConsent
Website analytics data26 monthsLegitimate interests
Technical logs and security data12 monthsLegitimate interests

Upon expiry of the specified periods, personal data is deleted or anonymised, unless applicable legislation requires otherwise.

8. Cookies and similar technologies

8.1. What are cookies

Cookies are small text files placed on a user's device when visiting a website. The Controller uses cookies to ensure the operation of the website, its analysis and advertising personalisation.

8.2. Categories of cookies used

Strictly necessary cookies (legal basis: legitimate interests) - required for the proper functioning of the website. Cannot be disabled. Retention period: from session to 12 months.

Analytical cookies (legal basis: consent) - used to collect anonymised statistics on website traffic and user behaviour. Provider: Google Analytics. Retention period: up to 26 months.

Marketing cookies (legal basis: consent) - used to display personalised advertising and measure its effectiveness. Providers: Google Ads, Meta. Retention period: from 90 days to 2 years.

8.3. Cookie management

The user may change cookie settings at any time through the banner on the website or through browser settings. Declining analytical and marketing cookies does not affect access to the core functionality of the website.

9. Rights of data subjects

Under the GDPR, data subjects have the following rights:

9.1. Right of access (Article 15 GDPR)

The data subject has the right to obtain confirmation as to whether personal data concerning them is being processed, and, where that is the case, to obtain access to that data and a copy thereof.

9.2. Right to rectification (Article 16 GDPR)

The data subject has the right to request the rectification of inaccurate personal data or the completion of incomplete personal data.

9.3. Right to erasure (Article 17 GDPR)

The data subject has the right to request the erasure of their personal data where one of the grounds set out in Article 17 of the GDPR applies, in particular where the data is no longer necessary for the purposes for which it was collected, or where the data subject withdraws their consent.

9.4. Right to restriction of processing (Article 18 GDPR)

The data subject has the right to request the restriction of processing of their personal data in the cases provided for in Article 18 of the GDPR.

9.5. Right to data portability (Article 20 GDPR)

The data subject has the right to receive personal data which they have provided to the Controller in a structured, commonly used and machine-readable format, and to transmit that data to another controller.

9.6. Right to object (Article 21 GDPR)

The data subject has the right to object to the processing of their personal data carried out on the basis of the legitimate interests of the Controller, as well as to processing for direct marketing purposes.

9.7. Right to withdraw consent

Where processing is based on the consent of the data subject, the data subject has the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

9.8. Procedure for exercising rights

To exercise any of the rights listed above, the data subject sends a written request to: hello@juicelatvia.lv

The Controller shall examine the request and provide a response within one calendar month of receipt. Where necessary, this period may be extended by a further two months, with the data subject being informed of the reasons for the extension.

Providing a response is free of charge. In the case of manifestly unfounded or excessive requests, the Controller reserves the right to charge a reasonable fee or refuse to fulfil them.

9.9. Right to lodge a complaint

The data subject has the right to lodge a complaint at any time with the supervisory authority for the protection of personal data of the Republic of Latvia:

Datu valsts inspekcija (Data State Inspectorate)
Address: Elijas iela 17, Rīga, LV-1050
Phone: +371 67 22 31 31
Email: info@dvi.gov.lv
Website: www.dvi.gov.lv

10. Data security measures

In accordance with Article 32 of the GDPR, the Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the degree of risk, including:

  • Encryption of personal data during transmission using SSL/TLS protocol
  • Restriction of access rights to personal data based on the principle of minimum necessity
  • Regular software updates and vulnerability assessments
  • Conclusion of Data Processing Agreements with all processors
  • Organisational measures: confidentiality policies, employee training

In the event of a personal data breach that may result in a risk to the rights and freedoms of natural persons, the Controller shall notify the competent supervisory authority within no later than 72 hours of becoming aware of the breach, and in the case of high risk - shall also notify the data subjects themselves.

11. Changes to this Policy

The Controller reserves the right to amend this Privacy Policy in connection with changes in legislation, company operations or data processing practices.

The current version of the Policy is always available on the Controller's website with the date of the most recent update. In the case of material changes, the Controller shall notify data subjects by posting a notice on the website or sending a message by email.

Continued use of the website or the Controller's services following the entry into force of an updated version of the Policy constitutes acceptance of its terms by the data subject.

12. Governing law and dispute resolution

This Privacy Policy is governed by the laws of the Republic of Latvia and the norms of European Union law in the field of personal data protection.

All disputes arising in connection with the processing of personal data shall be resolved by the parties through negotiation. If a dispute cannot be resolved out of court, it shall be referred to the competent court of the Republic of Latvia or to the Datu valsts inspekcija.

13. Contact details

For all enquiries relating to this Privacy Policy and the processing of personal data, please contact:

SIA JUICE DIGITAL AGENCY
Registration number: 42103106956
Address: Augusta Dombrovska iela 49-35, Rīga, Republic of Latvia
Email: hello@juicelatvia.lv
Website: www.juicelatvia.lv
This Privacy Policy enters into force on 31 May 2026.
© SIA JUICE DIGITAL AGENCY. All rights reserved.