The purpose of this Privacy Policy is to provide individuals (data subjects) with information about the purposes, scope, methods of protection and processing of personal data, as well as the rights of data subjects regarding the processing of their personal data.
This privacy policy applies to the processing of personal data carried out by SIA "Jenson Iepakojums" as a data controller.
Last updated: August 07, 2025
1. DATA CONTROLLER
The controller of personal data is SIA “Jenson Iepakojums”, registration No. LV 40003292579, legal address: Daugavgrīvas Street 78, Riga, LV-1007, email: info@gofra.lv.
Data protection contact person: info@gofra.lv
2. SCOPE OF THE PRIVACY POLICY
This privacy policy applies to the processing of personal data regardless of the format in which it is processed - paper, electronic, or telephone, when performing:
• product sales and service provision;
• marketing activities;
• customer service process;
• maintenance of the website www.gofra.lv;
• social media management;
• business communication with partners and clients.
SIA "Jenson Iepakojums" has the right to make changes to this privacy policy, making the current version available at www.gofra.lv.
3. PERSONAL DATA CATEGORIES
Depending on your relationship with our company and the services used, we may collect and process various categories of personal data. This data is necessary to ensure quality service delivery, fulfill contractual obligations, and comply with legal requirements.
3.1. IDENTIFICATION DATA:
This data is necessary to identify you as a client or cooperation partner and ensure proper contract conclusion:
• name and surname - for basic identification in all business processes;
• personal code - necessary for legal document processing, especially when concluding contracts with individuals, as well as in accordance with accounting and tax law requirements;
• legal entity name and registration number - mandatory in B2B cooperation to verify company legality and conclude commercial contracts;
• job title - for business contact persons to ensure effective communication with the right responsible persons;
• date of birth - only in specific cases when required by legislation or contract terms.
3.2. CONTACT INFORMATION:
This information is vital for our mutual communication and product delivery:
• email address - primary communication method for order processing, invoice sending, technical support, and marketing communication (if you have given consent);
• phone number - necessary for operational communication, especially in urgent matters, delivery coordination, and problem solving;
• legal address - necessary for sending official documents and contract conclusion;
• delivery address - essential for product delivery to the right place and time, may differ from legal address;
• billing address - necessary for invoice issuing and accounting document management;
• actual residence address - may be necessary in individual cases according to contract terms or legal requirements.
3.3. FINANCIAL INFORMATION:
This information is necessary for payment processing and financial relationship management:
• bank account number - necessary for invoice payment processes, automatic payment processing, and money transfers. This data is stored according to bank regulations and payment processing requirements;
• payment history - helps analyze customer payment behavior, plan future transactions, and ensure appropriate credit policy. This information is important for long-term cooperation assessment;
• debt information - necessary to manage credit risks, conduct debt collection processes, and make decisions about future cooperation. Includes information about overdue payments and their settlement;
• credit rating information - used only for large transactions to assess customer solvency and make informed decisions about credit limit allocation or payment terms;
• VAT number - mandatory for all companies conducting VAT-taxable transactions, invoice issuing, and tax calculations according to Latvian and EU VAT directives.
3.4. COMMERCIAL INFORMATION:
This information forms the basis of our commercial cooperation and customer service improvement:
• order data and history - includes detailed information about all your orders, including product specifications, quantities, prices, and delivery terms. This information helps us understand your needs and offer personalized solutions;
• product preferences and specifications - information about your frequently used corrugated cardboard types, sizes, design requirements, and technical specifications. This allows us to process your orders faster and offer suitable products;
• price agreements and individual discounts - information about discounts granted to your company, special price lists, and contract terms. This data is confidential and used only in billing processes;
• correspondence and communication history - email correspondence, phone call records, and other commercial communication that helps us maintain consistent and professional cooperation;
• complaints and their solutions - detailed information about your submitted complaints, claims, and problem resolution history. This information helps improve our service quality;
• contract obligation fulfillment information - data about compliance with contract terms from both parties, delivery schedule fulfillment, and other contractual obligations.
3.5. TECHNICAL INFORMATION:
• IP address;
• session identifiers;
• browser type and version;
• operating system;
• screen resolution;
• visit time and duration;
• click data and navigation path;
• device identifiers.
3.6. COMMUNICATION DATA:
• email content;
• phone call recordings (if made with notification);
• chat history;
• social media communication;
• reviews and comments.
4. PERSONAL DATA PROCESSING PURPOSES
We process your personal data for the following purposes:
4.1. CONTRACT CONCLUSION AND EXECUTION:
• customer registration and authentication;
• order acceptance and processing;
• product manufacturing and delivery;
• invoice issuing and payment processing;
• contract obligation fulfillment control;
• warranty and after-sales service provision.
4.2. CUSTOMER SERVICE:
• consultation provision about products and services;
• technical support provision;
• complaint and dispute resolution;
• quality control surveys;
• customer satisfaction assessment.
4.3. MARKETING ACTIVITIES:
• information provision about new products;
• promotion and discount notifications;
• personalized offer preparation;
• market research;
• customer loyalty program management.
4.4. WEBSITE IMPROVEMENT:
• website functionality provision;
• user experience analysis and improvement;
• content personalization;
• security incident prevention;
• technical problem diagnosis.
4.5. LEGAL OBLIGATIONS:
• accounting record keeping;
• tax calculation and payment;
• statistical information provision to state institutions;
• audit and control procedure execution;
• court decision and state institution order execution.
5. LEGAL BASIS FOR PERSONAL DATA PROCESSING
Our personal data processing is always based on specific legal grounds defined in the General Data Protection Regulation (GDPR). For each data processing activity, we use only those legal grounds that are necessary and proportionate to achieve the specific purpose. This approach ensures that your personal data is processed lawfully and transparently.
5.1. CONTRACT PERFORMANCE (GDPR Article 6, paragraph 1, point b):
This legal basis is used when personal data processing is essentially necessary to perform a contract to which you are a party, or to take specific measures at your request before contract conclusion. In the corrugated packaging industry, this includes:
• complete order lifecycle management - from initial request to product delivery, including technical specification coordination, production planning, and quality control;
• invoice issuing and financial document preparation - all payment-related operations necessary for commercial relationship provision;
• warranty obligation fulfillment and after-sales service - product quality assurance, claim processing, and technical consultation provision;
• customer account management in our systems - to ensure continuous and effective cooperation, including order history maintenance and personalized approach.
5.2. LEGAL OBLIGATION (GDPR Article 6, paragraph 1, point c):
This basis applies to situations where personal data processing is mandatory to fulfill legal obligations applicable to our company, arising from Latvian and European Union legislation:
• accounting record keeping according to the Accounting Law - all transaction-related documents and personal data necessary for proper financial record keeping and report preparation;
• Tax calculation and payment – the use of personal data for the accurate calculation and timely payment of VAT, corporate income tax, and other taxes in accordance with Latvian tax legislation.
• document retention period compliance - compliance with legislatively defined periods for storing accounting documents, contracts, and other legal documents (usually 5-10 years);
• state institution information and control request fulfillment - cooperation with SRS, DVI, and other institutions within their competence, including information provision during inspections and investigations.
5.3. LEGITIMATE INTERESTS (GDPR Article 6, paragraph 1, point f):
This legal basis is used when personal data processing is necessary for compliance with our or third parties' legitimate interests, but only if these interests are not outweighed by your fundamental interests, rights, or freedoms. Before using this basis, we always conduct a legitimate interests balancing test:
• Ensuring business and premises security – the use of personal data to protect our warehouses, office spaces, production equipment, and products from theft or damage, including the operation of video surveillance systems.
• fraud and financial violation prevention - data analysis to identify suspicious activities, fake orders, or fraudulent payment attempts, protecting both our company and honest customers;
• internet website security and stability maintenance - technical data processing to prevent cyber attacks, protect against malware, and ensure continuous website operation;
• Protection of legal interests in litigation – the use of personal data in the event of legal disputes to defend our legitimate interests or to comply with court rulings.
• business analysis and strategic planning - market trend research, customer need analysis, and product development, which helps improve service quality and offer competitive prices.
5.4. CONSENT (GDPR Article 6, paragraph 1, point a):
This legal basis is used for activities that are not essentially necessary for contract performance but that improve your experience with our services. Consent is always voluntary, specific, and informed, and you can withdraw it at any time:
• marketing communications and informational publications - regular newsletter sending about new products, industry news, packaging solution trends, and our company activities. This communication helps you follow industry development;
• personalized commercial offers - individual price offer and product recommendation preparation based on your previous purchase history and expressed needs;
• customer satisfaction studies and feedback collection - periodic survey conduct to find out your opinion about our service quality and identify improvement areas;
• analytical and marketing cookie use - more detailed information about your website usage habits, which helps us optimize website functionality and offer relevant content.
6. PERSONAL DATA PROTECTION AND PROCESSING
Data protection is one of our company's priorities. We have invested significant resources to create a comprehensive data protection system that complies with both GDPR requirements and our industry's specific needs.
6.1. TECHNICAL SECURITY MEASURES:
We use modern technologies and industry best practices to protect your personal data:
• multi-layer data encryption - all personal data is encrypted both during transmission (using TLS 1.3 protocol) and during storage (AES-256 encryption), ensuring that even in case of system compromise, data remains unreadable;
• regular and comprehensive system security audit checks - vulnerability analysis, penetration testing, and code security review are conducted monthly;
• multi-factor authentication - all employee access to systems is protected with additional security levels;
• automatic system updates and vulnerability fixes - critical security updates are installed within 24 hours;
• regular data backup and disaster recovery procedure testing.
6.2. ORGANIZATIONAL SECURITY MEASURES:
At the technology level, we complement with strict organizational measures:
• strict access control policy - each employee can access only those personal data that are necessary for performing their specific work duties. Access rights are regularly reviewed and updated;
• mandatory and regular employee training - all our employees undergo specialized data protection training that includes GDPR requirements, practical security techniques, and incident response procedures;
• detailed activity log maintenance - all activities with personal data are registered and regularly analyzed to identify unusual activity or potential security incidents;
• confidentiality agreements - all employees and partners sign strict confidentiality agreements;
6.3. DATA MINIMIZATION PRINCIPLE:
We strictly comply with the GDPR data minimization principle, which means that:
• we collect only those personal data that are objectively necessary for achieving specific purposes – we never collect them “just in case” or “for stockpiling.”
• we regularly review the necessity of existing data - if some data is no longer needed, it is securely deleted;
• we use anonymization and pseudonymization techniques where possible - for statistics and analysis, data is processed in anonymized form;
• we comply with strict retention periods - after the period expires, data is securely and irreversibly deleted.
6.4. DATA ACCURACY ASSURANCE:
We actively strive to ensure that your personal data is accurate, complete, and current:
• regular data verification - during the year we may contact you to confirm contact information;
• simple self-service - you can log into your client zone at any time and update your data;
• automatic data validation - our systems check data logic and consistency;
• incorrect data correction - if we detect inaccuracies, we immediately correct them and inform you.
7. AUTOMATED DATA PROCESSING
SIA "Jenson Iepakojums" may use automated data processing in the following cases:
• automatic invoice generation;
• order processing automation;
• customer classification according to purchase history;
• personalized offer creation;
• website analytics data collection.
Automated decision-making that significantly affects data subjects is not performed without human involvement.
8. PERSONAL DATA RECIPIENT CATEGORIES
We may transfer personal data to the following recipient categories:
8.1. SERVICE PROVIDERS:
• IT service providers (cloud services, technical maintenance);
• payment processing services;
• accounting and legal services;
• marketing and advertising agencies;
• customer support services.
8.2. DELIVERY PARTNERS:
• courier and postal services;
• transport and logistics companies;
• warehouse management services.
8.3. STATE INSTITUTIONS:
• State Revenue Service;
• Data State Inspectorate;
• other state institutions in cases provided by law.
8.4. THIRD PARTIES:
• banks and financial institutions;
• insurance companies;
• legal advisors in litigation cases.
9. PERSONAL DATA TRANSFER TO THIRD COUNTRIES
Some of our service providers may be located outside the European Economic Area. In such cases, we ensure an appropriate level of protection using:
• European Commission adequacy decisions;
• standard data protection clauses;
• certification mechanisms;
• other GDPR-recognized protection measures.
Specific third-country service providers:
• Google Analytics (USA) - adequacy frameworks;
• cloud services (USA/EU) - standard clauses.
10. PERSONAL DATA RETENTION PERIODS
Personal data is stored only as long as necessary to achieve the purposes of their processing:
10.1. CONTRACT DATA:
• Active client data: until relationship termination + 3 years;
• Invoices and accounting documents: 5 years.
10.2. MARKETING DATA:
• Email addresses: until consent withdrawal;
• Customer preferences: until account closure + 1 year;
• Campaign results: 2 years.
10.3. TECHNICAL INFORMATION:
• Server logs: 12 months;
• Security records: 24 months;
• Analytics data: 26 months.
10.4. COMMUNICATION DATA:
• Email correspondence: 3 years;
11. DATA SUBJECT RIGHTS
According to GDPR, you have the following rights regarding the processing of your personal data:
11.1. RIGHT OF ACCESS (GDPR Article 15):
You have the right to obtain from us confirmation as to whether your personal data is being processed, and, if so, access to this personal data and information about:
• processing purposes;
• personal data categories;
• recipients or recipient categories;
• planned storage period;
• your rights;
• data source (if data was not obtained from you).
11.2. RIGHT TO RECTIFICATION (GDPR Article 16):
You have the right to request from us the correction of inaccurate personal data without undue delay. You also have the right to request the completion of incomplete personal data.
11.3. RIGHT TO ERASURE - "Right to be forgotten" (GDPR Article 17):
You have the right to request from us the deletion of your personal data without undue delay in the following cases:
• personal data is no longer necessary for the original purposes;
• you withdraw your consent;
• personal data has been processed unlawfully;
• data must be deleted for legal obligation compliance;
• you object to processing.
11.4. RIGHT TO RESTRICTION OF PROCESSING (GDPR Article 18):
You have the right to request from us restriction of processing in the following cases:
• you contest the accuracy of personal data;
• processing is unlawful, but you object to deletion;
• we no longer need the data, but you need it for legal claims;
• you have objected to processing.
11.5. RIGHT TO DATA PORTABILITY (GDPR Article 20):
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transfer this data to another controller.
11.6. RIGHT TO OBJECT (GDPR Article 21):
You have the right to object at any time to the processing of your personal data based on legitimate interests or public functions.
11.7. RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING (GDPR Article 22):
You have the right not to be subject to exclusively automated decision-making, including profiling, which produces legal effects concerning you.
EXERCISING RIGHTS:
To exercise your rights, contact us:
• E-pasts: info@gofra.lv
• Postal address: Daugavgrīvas iela 78, Riga, LV-1007
We will respond to your request without undue delay and in any case within one month of receiving the request.
12. CONSENT WITHDRAWAL
If personal data processing is based on your consent, you have the right to withdraw your consent at any time. Consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
CONSENT WITHDRAWAL METHODS:
• E-pasta ziņojums uz info@gofra.lv;
• Written application;
• Use of unsubscribe links in emails;
• Account settings changes on the website.
13. COMMUNICATION WITH PARTNERS
We may use your contact information for communication about:
• contract performance and order status;
• payment and invoice matters;
• product quality and technical support;
• legal matters and dispute resolution;
• business cooperation opportunities.
14. COOKIE USAGE
Cookies are small text files that a website saves on your device when visiting the site. They help the website remember information about your visit, such as your preferred language and other settings. We use cookies to improve your experience on our site and provide more personalized services.
14.1. FUNCTIONAL COOKIES (NECESSARY):
These cookies are essentially necessary for the basic website functions and cannot be disabled:
• session identifier management - ensures you stay logged into the website while using it and allows us to identify your activities within one session;
• shopping cart functionality - saves information about products you have added to the cart until order completion or session end;
• language and region settings - remembers your chosen language (Latvian, English, or Russian) and currency so the site displays in your desired format;
• security functions - helps protect against CSRF attacks and other security threats by verifying action authenticity.
Legal basis: legitimate interests (essentially necessary for service provision)
Storage period: until session end or up to 24 hours
14.2. ANALYTICAL COOKIES:
These cookies help us understand how visitors use our website:
• Google Analytics - collects information about how you use the site, how long you spend on each page, which pages you visit, and which site you came from. This information helps us improve site structure and content;
• user behavior analysis - tracks which buttons you click, where you scroll, which products interest you most, helping optimize site design and functionality;
• website performance measurement - measures page loading speeds, identifies technical problems, and helps improve user experience;
• conversion tracking - helps understand how effectively the site converts visitors into customers.
Legal basis: consent
Storage period: up to 26 months
14.3. MARKETING COOKIES:
These cookies are used to provide relevant advertising:
• Google Ads - tracks your interest in our products and shows corresponding ads in Google search results and partner sites;
• Facebook Pixel - allows us to show targeted advertising on Facebook and Instagram platforms to people who have visited our site;
• remarketing campaigns - allow us to contact people who have shown interest in our products but haven't made an order;
• cross-platform tracking - helps understand how you interact with our brand across various digital platforms.
Legal basis: consent
Storage period: up to 12 months
14.4. COOKIE MANAGEMENT AND CONTROL:
You have full control over what types of cookies our site can use:
• site cookie settings panel - when first visiting the site, you will see a cookie notice where you can choose which types of cookies to allow;
• browser settings - you can change cookie settings in your browser at any time or delete already saved cookies;
• email request – you can contact us at info@gofra.lv and request a change or deletion of cookie settings.
IMPORTANT INFORMATION: Disabling analytical and marketing cookies will not affect basic site functionality but may limit some additional features, such as personalized product offers or site usability improvements.
15. DATA PROTECTION BREACHES
If we detect a personal data protection breach, we:
• notify the Data State Inspectorate within 72 hours;
• inform affected persons if the breach may pose a high risk to their rights and freedoms;
• take necessary measures to prevent further breach risk;
• document the incident and actions taken.
16. COMPLAINT SUBMISSION
If you believe that your personal data processing is inappropriate, you can:
16.1. CONTACT US:
• E-pasts: info@gofra.lv
• Postal address: Daugavgrīvas iela 78, Riga, LV-1007
16.2. SUBMIT A COMPLAINT TO THE SUPERVISORY AUTHORITY:
Data State Inspectorate
• Address: Blaumaņa iela 11/13-15, Riga, LV-1011
• Phone: +371 67223131
• Email: info@dvi.gov.lv
• Website: www.dvi.gov.lv
16.3. GO TO COURT:
You have the right to go to court if you believe your rights have been violated.
17. POLICY CHANGES
SIA "Jenson Iepakojums" reserves the right to make changes to this privacy policy. Changes take effect on the day of their publication at www.gofra.lv.
We will inform about significant changes:
• on the website www.gofra.lv;
• by email (to registered clients);
• in other appropriate ways.
18. CONTACT INFORMATION
If you have any questions regarding this Privacy Policy or the processing of personal data:
SIA "Jenson Iepakojums"
Reg. number: LV 40003292579
Address: Daugavgrīvas iela 78, Riga, LV-1007
E-mail: info@gofra.lv
Data protection matters:
E-mail: info@gofra.lv
—
This Privacy Policy has been drafted in accordance with:
• Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR)
• Republic of Latvia Personal Data Processing Law
• other applicable legal acts of the Republic of Latvia and the European Union
Last updated: August 7, 2025
© 2025 SIA "Jenson Iepakojums"
English 
Latviski 
