Privacy Policy

1. Introduction

Ltd. “VMS Timber” Registration No. LV45403035414 (hereinafter referred to as “controller”) on the website (hereinafter referred to as the “Website”) processes personal data obtained from the data subject – Website user (hereinafter referred to as the “User”). The Controller cares about the User’s privacy and the protection of personal data, respecting the User’s rights regarding the legality of personal data processing in accordance with applicable laws – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and other applicable laws in the field of privacy and data processing. In this view, the Controller has developed this privacy policy to provide the User with the information provided for in the Regulation. The privacy policy applies to the processing of data regardless of the form and/or medium in which the User provides personal data (on the Website, in paper format, in person, or by phone). The Controller reserves the right to change these terms at any time. It is the Website visitor’s responsibility to independently check the content of the Website to familiarize themselves with the changes in terms.

2.  Identity and Contact Information of the Controller

Controller: SIA "VMS Timber"

Registration Number: LV45403035414

Controller’s address: “Zāģeri”, Sarkaņu pagasts, Madonas novads, LV-4870, Latvija



Phone number: +371 25 411 162

3. Purposes of Personal Data Processing and Legal Basis of Processing

If the User provides their personal data to the Controller by phone, using the Website contact forms, email, or any other means, we store and use this information to fulfill or conclude the relevant service provision agreement, including customer identification; contract preparation and conclusion; service provision (performance of contractual obligations); customer service; handling and processing of objections; raising customer loyalty; payment and settlement administration; debt recovery and collection; providing planning and record-keeping. We also process this data to provide information to state administrative authorities and operational entities in the cases and to the extent specified in external regulatory acts. The legal basis for data processing is the conclusion and performance of a contract, compliance with regulatory acts, with the consent of the Customer – the data subject, and our legitimate interests (for example, verifying the Customer’s identity before concluding a contract, ensuring the performance of contractual obligations, analyzing website usage, ensuring the effectiveness of service provision, etc.).

4. Categories of Personal Data

Categories of personal data include name, surname, personal identification number, email or mailing address, IP address, phone number, the content of messages or letters, etc.

5. Categories of Recipients of Personal Data

Data is disclosed to those employees of the Controller who need it to perform their direct duties in order to fulfill or conclude the relevant service provision agreement. When obtaining and using personal data, we partially use the services of external service providers who strictly follow our instructions in accordance with the contract we constantly control.

6. Categories of Data Subjects

Categories of data subjects include existing, former, and potential customers of the Controller and other individuals expressing a desire to contact the Controller.

7. Transfer of Data Outside Latvia

The received data is not planned to be transferred outside Latvia, The European Union, or the European Economic Area. However, considering that the Website is associated with Google and Facebook services, the Controller cannot guarantee that these companies will not transfer data outside the European Union or the European Economic Area. 

8. Data retention period

We process and store the personal data of the User as long as there is a legal obligation for either party to retain the data. After the aforementioned circumstances cease to exist, and unless otherwise specified in the data protection guidelines, we delete data within three months from the date the original reason for data retention is no longer valid, except in the cases where our legal obligation is to continue storing this data (e.g., for accounting records or litigation purposes).

9. Data subjects access personal data

The data subject has the right to access their personal data within one month from the date of the respective request. The User can submit a request for the exercise of their rights in writing in person at the Controller’s legal address (by presenting an identification document), by mail, or by email with a secure electronic signature. 

Upon receiving the User’s request for the exercise of their rights, the Controller verifies the User’s identity, evaluates the request, and fulfills it in accordance with the relevant regulations. The User has the right to receive the information stipulated in the regulations regarding the processing of their data, the right to request access to their personal data, as well as the right to request the Controller to supplement, correct, or delete the data, restrict processing, or object to processing, to the extent that these rights do not contradict the purpose of data processing (e.g., contract conclusion of performance).

The data subject does not have the right to receive information if disclosing such information is prohibited by law in the areas of national security, defense, public security, criminal law, or in order to protect the state’s financial interests in tax matters or to supervise financial market participants and conduct macroeconomic analysis.

10. Cookie processing

The Website collects data about Website visitors, allowing the Website owner to evaluate the usefulness of the Website and how it can be improved. The Controller constantly improves the Website to enhance its usability, which is why the Controller needs to know what information is important to the Website visitors, how often they visit the Website, what devices and browsers they use, where visitors come from, and what content they prefer to read. The Controller uses the Google Analytics system, which allows the Controller to analyze how visitors use the Website. The basic principles of how Google Analytics works can be found on the Google website at The Controller uses the collected data for their legitimate interests in improving the understanding of the needs of Website visitors and improving the accessibility of the Controller’s published information. Visitors can opt out of data collection by Google Analytics at any time, as described here:

The server hosting the Website may record visitor requests (device used, browser, IP address, access date, and time). The data mentioned in this section is used for technical purposes, to ensure the proper functioning and security of the Website, and to investigate potential security incidents. The legal basis for collecting this data is the Controller’s legitimate interest in ensuring the technical availability and integrity of the Website. 

Cookies are small files that the browser saves on the visitor’s computer each time the visitor accesses the Website, according to the setting of the visitor’s browser. Certain cookies are used to select and provide visitors with relevant information and advertisements to the visitor based on the content the visitor has previously viewed, thereby making the Website usage simple, convenient, and individually tailored for visitors. Additional information about cookies, as well as their deletion and management, can be obtained on the website

The Website uses cookies to collect user IP addresses and browsing information and allows the Website to remember the visitor’s preferences. Cookies allow the Controller to monitor the flow of data on the Website and the user’s interaction with the Website. The Controller uses this data to analyze visitor behavior and improve the Website.  The legal basis for using cookies is the Controller’s legitimate interest in ensuring the functionality, accessibility, and integrity of the Website. 

Visitors can control and/or delete cookies according to their preferences. More information about this process is available here: Visitors can delete all cookies stored on their computers. 

Visitors can opt out of cookies through the browser menu or at To make the necessary settings, visitors need to familiarize themselves with the terms of their web browser. In case of blocking cookies, visitors will need to manually adjust the settings each time they visit the Website, and there is a possibility that some services and features may not work. 

Access to statistical data about Website visitors is only available to employees of the Controller who are responsible for analyzing such data. Unless otherwise specified, cookies are stored until the action for which they were collected is completed, and then they are deleted. 

In the event that the Website provides a forum or comment option, the Website stores the IP address and data provided by the visitor in such cases. Cookies containing this data can be stored for your convenience (to avoid rewriting it) for up to one year.

11. Trešo personu tīmekļa vietnes

We may collaborate with third parties authorized to place third-party cookies on our websites or our services, applications, and tools with your consent. These service providers allow us to provide you with a better, faster, and safer website usage experience. Note that third-party cookies are subject to the privacy policy of the third party, and therefore, we assume no responsibility for these privacy policies.

The Website has implemented the "Facebook pixel" tool. The purpose of using this tool is to customize content and advertisements for Facebook users. To learn more about the Facebook privacy policy, click here: You can also change the advertising settings in your Facebook profile.

12. Right to lodge a complaint with the supervisory authority

The data subject has the right to lodge a complaint with the supervisory authority (Data State Inspectorate). The Data State Inspectorate accepts documents by mail, and email (documents signed with a secure electronic signature), and they can also be left in the mailbox on the 1st floor at Elijas Street 17, Riga, LV-1050. The Data State Inspectorate accepts electronic mailings received at the email address

13. Validity of the privacy policy

We reserve the right to occasionally change and supplement the content of this privacy policy to clarify the description of how we process your data. In view of this, we encourage you to regularly review this privacy policy to stay informed about the processing of your personal data on the Website.