Privacy Policy

Effective date: 01 January 2025

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit or make a purchase on
unitymars.com (the “Website”), and what rights you have under the EU/EEA data protection laws,
including the General Data Protection Regulation (“GDPR”).

1) Data Controller (Who we are)

SALE and RENT, SIA
Registration No.: 42103058302
VAT No.: LV42103058302
Registered address: Kungu iela 17–7, Liepāja, LV-3401, Latvia
Phone: +371 20392610
Email: [email protected]

2) What personal data we collect

Depending on how you interact with the Website, we may collect the following categories of personal data:

  • Identity & contact data: name, billing/shipping address, email address, phone number.
  • Account data: login credentials (hashed password), account preferences, order history.
  • Order & transaction data: items purchased, order value, currency, timestamps, invoices, delivery details, returns/refunds.
  • Payment data: we do not store full card numbers; payment is processed by our payment service providers. We may receive payment confirmation and limited details (e.g., transaction ID, payment status).
  • Customer support data: messages you send us (contact form, email), and related metadata.
  • Technical & usage data: IP address, device information, browser type, approximate location (derived from IP), pages visited, referral URLs, and interactions with the Website.
  • Cookie & similar technology data: identifiers stored on your device (see Section 10).

3) Sources of personal data

  • Directly from you (checkout forms, account registration, contact requests).
  • Automatically from your device (cookies, server logs, analytics tools).
  • From service providers involved in fulfilling your orders (e.g., payment, shipping, fraud prevention), where permitted by law.

4) Why we process personal data (Purposes) and legal bases

Under the GDPR, we must have a lawful basis to process personal data. We rely on the following bases:

A) Contract (Art. 6(1)(b) GDPR) — to perform a contract with you or take steps at your request before entering a contract:

  • Create and manage your customer account.
  • Process orders, payments, shipping, delivery, returns, refunds.
  • Provide customer support related to your orders.

B) Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable laws:

  • Accounting, tax, and invoicing obligations.
  • Responding to lawful requests by authorities.

C) Legitimate interests (Art. 6(1)(f) GDPR) — where our interests are not overridden by your rights:

  • Website security, preventing fraud, misuse, and unauthorized access.
  • Improving the Website and customer experience (basic analytics and performance monitoring).
  • Customer communication about service-related messages (e.g., order updates, important notices).

D) Consent (Art. 6(1)(a) GDPR) — where required (e.g., non-essential cookies, marketing where applicable):

  • Sending marketing emails/newsletters (if you opt in, where required).
  • Using analytics/advertising cookies (if you accept them via a cookie banner/manager).

5) Marketing communications

If we send marketing messages, you can opt out at any time by using the unsubscribe link in the email or by contacting us at
[email protected].
Service/transactional messages (e.g., order confirmations, delivery updates) are not marketing and may still be sent when necessary to perform our contract with you.

6) Who we share personal data with

We may share personal data only when necessary, for the purposes described above, with:

  • Payment service providers (to process payments and prevent fraud).
  • Shipping and logistics partners (to deliver your orders and manage returns).
  • IT, hosting, and infrastructure providers (to operate the Website and store data securely).
  • Customer support tools (to manage communications and support tickets, if used).
  • Analytics and performance providers (only where enabled and lawful; see Cookies section).
  • Professional advisors (legal, tax, accounting) where necessary.
  • Authorities where required by law or to protect our rights.

When we use processors (service providers), we require them to process personal data only on our instructions and to apply appropriate security measures.

7) International data transfers

Some of our service providers may process data outside the European Economic Area (“EEA”). If we transfer personal data outside the EEA,
we ensure appropriate safeguards, such as:

  • EU Commission adequacy decisions (where applicable), and/or
  • Standard Contractual Clauses (SCCs) and, where required, additional technical and organizational measures.

8) How long we keep personal data (Retention)

We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, or reporting requirements.
Typical retention periods include:

  • Order and invoice records: kept for the period required by applicable tax/accounting laws.
  • Account data: kept while your account is active; you may request deletion, subject to legal obligations.
  • Customer support messages: kept as long as needed to resolve issues and for reasonable record-keeping.
  • Technical logs: typically kept for a limited time for security and troubleshooting.

9) Your rights under the GDPR

If you are in the EU/EEA (and in certain other jurisdictions), you have the following rights, subject to legal conditions:

  • Right to access your personal data.
  • Right to rectification (correct inaccurate data).
  • Right to erasure (“right to be forgotten”) in certain cases.
  • Right to restriction of processing in certain cases.
  • Right to data portability (where applicable).
  • Right to object to processing based on legitimate interests, including profiling (if any).
  • Right to withdraw consent at any time (where processing is based on consent).

To exercise your rights, contact us at
[email protected].
We may need to verify your identity before fulfilling your request.

10) Cookies and similar technologies

We use cookies and similar technologies to operate the Website, remember your preferences, help with shopping cart functionality,
and (if enabled) measure and improve performance.

Types of cookies we may use:

  • Strictly necessary: required for core Website functions (e.g., cart, checkout, security).
  • Preferences: remember settings (e.g., language, region).
  • Analytics: help us understand how the Website is used (only where lawful/accepted).
  • Marketing: used to show relevant ads across sites (only where lawful/accepted).

You can control cookies through your browser settings and (where available) our cookie banner/manager. Disabling certain cookies may affect Website functionality.

11) Security

We implement appropriate technical and organizational security measures to protect personal data against accidental or unlawful destruction,
loss, alteration, unauthorized disclosure, or access. However, no system is 100% secure, and we cannot guarantee absolute security.

12) Children

Our Website is not intended for children, and we do not knowingly collect personal data from children under the age required by applicable law.
If you believe a child has provided us with personal data, please contact us so we can take appropriate steps.

13) Third-party links

The Website may contain links to third-party websites. We are not responsible for the privacy practices of those websites.
We recommend that you review their privacy policies before providing them with personal data.

14) Complaints (Supervisory Authority)

If you are in the EU/EEA, you have the right to lodge a complaint with a supervisory authority in your country of residence, workplace, or where an alleged infringement occurred.
As we are established in Latvia, you may also contact the Latvian supervisory authority:

Data State Inspectorate (Datu valsts inspekcija)
Address: Elijas 17, Riga, LV-1050, Latvia
Email: [email protected]
Phone: +371 67223131

15) Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes.
The “Effective date” at the top shows when the latest version took effect. Your continued use of the Website after updates means you accept the updated policy.

16) Contact

If you have questions about this Privacy Policy or how we handle your personal data, contact us at
[email protected].

Note: This Privacy Policy is drafted to be GDPR-aligned for an e-commerce website. If you use specific third-party tools
(e.g., a named analytics platform, email marketing provider, live chat, or ad networks), you should list them explicitly in Section 6 and/or Section 10 for maximum transparency.