Privacy Policy

In this Privacy Policy, "eCom21" SIA (hereinafter — “we” or “ECOM21”) provide information about what personal data we collect, how we process personal data, to whom we disclose it, how a data subject (hereinafter also — “you”) can control processing of their data, and other important information about the processing of your personal data.

We respect your privacy, therefore, security of your personal data is our priority. We use reasonable organisational and technical means to ensure continuous security of your personal data and compliance of the processes with the requirements of the laws and regulations governing the protection of personal data.

Updated on: 20.05.24

1. Definitions

1.1. “We” shall mean "eCom21" SIA, a private limited liability company, established and operating under the laws of the Republic of Latvia, legal entity code 40103515367, registered address: Riga, Vesetas Street 7, LV-1013, Latvia;

1.2. “You” shall mean the attendees of the Event, the speakers performing at the event and the visitors of our Website and the users of the ECOM21 App;

1.3. “Website” shall mean our website accessible at https://ecom21.com/;

1.4. “Event” shall mean VIII International eCommerce conference ECOM21.

2. Where do we obtain Your data?

We obtain your personal data directly from you, including when you fill in a contact or registration form, when you place an order or when you contact us (for example, by emailing us), or when you speak or otherwise interact with us at the Event. We may also obtain data from other sources, for instance, if the ticket for you was purchased by another attendee or by your employer. We may also obtain data indirectly via third parties for instance, on the social media, when you are tagged in relation to the event. In addition, we obtain your personal data by photographing and filming the event.

3. What personal data do we collect about you and for what purposes do we process it?

3.1. Organisation and administration of the Event

Data categories

Contact information: name, surname, email address, telephone number, company name.

Information related to your purchase: ticket type, your payment instrument data (name of the cardholder, masked card number, expiry date, e-wallet identification data, transaction code etc.), the details and date of the order and communication with the sales department.

Information related to you as a speaker: information that you have provided us when we agreed that you will be a speaker, time and date of the presentation, presentation materials, your photo.

Information related to your participation in the workshops held at the Event and organised by our partners: name, surname, email address, company name, information regarding participation in the workshop.

Information related to ensuring safety on the premises: CCTV data.

Legal grounds for data processing

Entering into an agreement with you and carrying out our contractual obligations (Article 6(1)(b) of the GDPR).

Complying with the legal obligations related to organising events including accounting, taxies, other public obligations, protection of consumer rights, as well as ensuring security on the premises (Article 6(1)(c) of the GDPR).

Our legitimate interest to ensure safety at the Event and assist our partners with organising workshops (Article 6(1)(f) of the GDPR).

Duration of data processing

We generally retain your data throughout the validity of an agreement concluded with you and throughout the validity of our legitimate interest, however, no longer than 5 years following your last participation at the Event.

Information related to your purchase is retained for the period laid down by the applicable legislation. CCTV data is retained for no longer than 1 month.

Data regarding your EU COVID19- certificate is used only during the Event and is not retained after the end of the Event.

3.2. Providing ECOM21 App

Data categories

Contact information: email address.
Data related to your use of the ECOM21 App: voting in surveys and questionnaires, questions to speakers, information posted and shared with other registered participants via the user profile, data about login to the App, data about the device operating system, entry, use, change of the Account, data or other activities on the App, in the Account, log entries, changes and their history, settings, other system parameters. You may also share photos and videos directly by using the device camera, if you choose to enable this function. Date and time set on the device is processed to alert the user on the chosen topics at the time of the event, if you choose to enable this function.

We may share your name, surname, contact details and a name of the company which you represent in the mobile application “ECOM21” to other Event participants to contact you.

Legal grounds for data processing

Your consent (Article 6(1)(a) of the GDPR).
Our legitimate interest to ensure the security of the App (Article 6(1)(f) of the GDPR).

Duration of data processing

We generally retain your data throughout the validity of an agreement or our legitimate interest, however, no longer than 5 years following your last participation at the Event.

3.3. Obtaining photo and video materials during the Event for promotional purposes

Please be informed that we will photograph and film the Event based on our legitimate interest to promote the Event. We may use the obtained photos and video recordings in various promotional activities, including posting the photos and video recordings on our Website, social media networks, in various media outlets, issuing brochures, posters or using them for any other promotional or marketing tool, as required. If you wish not to be photographed or filmed, or if you wish to object to the use of a particular photo or video, please send a request to sending a request to info@ecom21.com.

Legal grounds for data processing

Our legitimate interest (Article 6(1)(f) of the GDPR), to obtain photo and video materials of the Event for the purpose of promoting the Event.

Duration of data processing

We generally retain your data throughout the validity of our legitimate interest, however, no longer than 5 years following your last participation at the Event.

3.4. Customer service – inquiries, requests, complaints

If you contact us by phone, we will write down the information you provide, to properly examine your request and/or respond to your inquiry. If you contact us in writing (by e-mail or otherwise), we will store the fact of you contacting us and the information provided, including personal data, so that we can properly examine your request and/or respond to your question, request or complaint.

Data categories

The telephone number you are calling from or your e-mail address, other information pertaining to your inquiry, including, but not limited to, first name, surname, technical details of the call (date, duration, etc.); history of calls; complaint, request, inquiry text, description of the circumstances of the complaint or another inquiry, documents supporting the complaint, request, inquiry, other information provided to us.

Legal grounds for data processing

Your consent (Article 6(1)(a) of the GDPR). Conclusion, performance, amendment and administration of an agreement (Article 6(1)(b) of the GDPR). Our legitimate interest and that of third parties (Article 6(1)(f) of the GDPR) to obtain photo and video materials of the Event for the purpose of promoting the Event.

Duration of data processing

We generally retain your data throughout the validity of our legitimate interest, however, no longer than 5 years following your last participation at the Event. If you contact us by phone, we will write down the information you provide, to properly examine your request and/or respond to your inquiry. If you contact us in writing (by e-mail or otherwise), we will store the fact of you contacting us and the information provided, including personal data, so that we can properly examine your request and/or respond to your question, request or complaint.
Complaints, claims, written requests related to the Event shall be stored no longer than for 1 year after the relevant Event, unless longer periods apply.

3.5. Direct marketing

We process your personal data in order to send you our newsletter and provide with various offers and other information of our main partners and sponsors via e-mail.

Data categories

Contact information: name, surname, email address.

Legal grounds for data processing

Your consent (Article 6(1)(a) of the GDPR) to receive offers and information from us.

Duration of data processing

The consent shall be valid until you withdraw it.

3.6. Marketing in social media

For the purpose of marketing of our Event we also use Facebook business tools that register of your activity on this Website to optimize the display of ads and to create so-called custom audiences for Facebook ads (e.g., based on your clicks on our site
collected by Facebook's pixel or using a social plug-in).

Data categories

Name, surname, country, photograph, information about communication in the account (“like”, “follow”, “comment”, “share”, etc.), notifications sent, information on notifications (message receipt time, message content, message attachments, correspondence history, etc.), comments, reactions to published entries, sharing, information on participation in events and/or games organized by us.

Legal grounds for data processing

Your consent (Article 6(1)(a) of the GDPR). Our legitimate interest to manage our social media profiles (Article 6(1)(f) of the GDPR).

Duration of data processing

During the period of consent validity. Personal data used for this purpose shall be stored as long as you are registered on a specific social network.

3.7. Website administration, support, improvement

When you visit and browse our Website, for the purpose of collecting statistical data and improving the quality of Services and visitor experience, we process the following data: Website administration, support, improvement.

Data categories

Device IP address; time; visited pages and time spent; type of browser; technical details about operating system; website addresses from which the user has accessed our website, cookies, other technical details.

Legal grounds for data processing

Your consent (Article 6(1)(a) of the GDPR). Our legitimate interest to analyse data in order to administer the Website (Article 6(1)(f) of the GDPR).

Duration of data processing

Please refer to the Cookie Policy.

3.8. Sharing your contact information with our partner - marketing service provider

If you choose to purchase a ticket package that includes receiving marketing services from our selected partner Nordic Fintech, we will process your contact information and share it with our partner in order to enable you to receive the selected marketing services from Nordic Fintech.

Data categories

Name, surname, e-mail, telephone number.

Legal grounds for data processing

Entering into an agreement with you and carrying out our contractual obligations (Article 6(1)(b) of the GDPR).

Duration of data processing

We generally retain your data throughout the validity of an agreement, however, no longer than 5 years following your last participation at the Event.

3.9. Compliance with statutory obligations

In order to be able to ensure proper implementation of tax, accounting, safety and other statutory obligations, we process the personal data.

Data categories

Name, surname, information related to your purchase and any other personal data required to be processed under the applicable laws.

Legal grounds for data processing

Legal obligations and requirements of legal acts (Article 6(1)(c) of the GDPR):accounting, taxes, other public obligations; protection of consumer rights; safety; information security; other areas relevant for us.

Duration of data processing

Relevant personal data is retained for the period laid down by the applicable legislation.

4. Categories of recipients of personal data

Categories of recipients of personal data are as follows:

Our various service providers (data processors), for example, online registration platform provider, payment service providers, owners of the venue premises, photographers and videographers, marketing service providers, security, automated invoice generation service providers, accounting service providers;

Service providers maintaining social media platforms on which we maintain our profiles – Facebook, LinkedIn, Instagram;

Our partners and sponsors, in particular our partners providing workshops at the event. Please note that in case you sign up for a workshop, the relevant partner will process your personal data as an independent controller in line with its own privacy policy. In 2024 these are the workshop organizers and links to their privacy policies: Mastercard Europe SA, SIA “DECTA”, KPMG Baltics SIA

Our partner – marketing service provider Nordic Fintech, in the event you purchase a ticket package that includes receiving marketing services from Nordic Fintech;

Public authorities (for example, tax administration authorities);

Law enforcement and supervising authorities, courts and other institutions engaged in dispute resolution;

Potential or existing legal successors of our business or its part or their authorised advisers or persons.

5. Retention of personal data

The relevant retention periods are indicated in section 3 above. We generally retain your personal data no longer than necessary to achieve the processing purposes. Data are usually stored until:

An agreement between us is valid and until any of the parties can exercise its rights (for example, to submit complaints and requests or claims to the court, etc.);

Data processing is necessary for us to be able to exercise the legal duties applicable to us;

Your consent in regard to the respective personal data processing is valid, unless there are other lawful grounds for processing personal data thereafter;

If we rely on our legitimate interest (for instance, processing personal data for surveys, service and offer improvement), we will retain your personal data for a period that does not exceed five years, unless the respective communication includes potentially unlawful conduct or conduct that leads to exercise of our legitimate interests. In this case, the respective personal data can be retained until the legitimate interest is fulfilled.

After the above conditions do not apply, your personal data is deleted permanently.

6. Your rights

The GDPR provides several rights that you can exercise any time contacting us:

You are entitled to receive a confirmation whether your data are or are not processed and, if they are processed, you are entitled to access them and receive their copy;

You can ask to rectify or, considering the purposes of data processing, supplement incomplete data;

You can request deletion of your data;

You can ask us to limit your personal data processing;

You have the right to data portability;

You can withdraw your consent;

If the processing is based on legitimate interest, you can object to the processing.

Please note that the rights are limited in scope and we might not be required to fulfil all requests. In the event of withdrawal of consent, we are entitled to store your consent and its proof for a period necessary for protecting our rights in regard to claims or complaints submitted to us. If you believe that your personal data is processed unlawfully, without justified grounds or the processing otherwise violates the requirements of the GDPR, or you have any other concerns or questions about the processing of your personal data, please do not hesitate and contact us by submitting a request, application or complaint. We will provide answers to all your questions and eliminate errors, if any.

If you consider that the processing of your personal infringes your rights, you can submit a complaint with the Latvian State Data Inspectorate (Datu valsts inspekcija) (Elijas str. 17, LV-1050 Rīga, Latvia, e-mail: pasts@dvi.gov.lv), however, we would recommend contacting us first and we will try to resolve all your concerns together with you.

E-mail: info@ecom21.com, phone number: +371 63 007 007