Privacy Policy
Last updated: 2026-02-26
This policy describes how SIA Vibe Solutions processes personal data when you visit vibesolutions.eu or contact us by email. We aim to keep this clear and specific - no legalese filler.
1. Controller
SIA Vibe Solutions
Registration No. 40203672530
Matīsa iela 61 - 24, Rīga, LV-1009, Latvia
Email: gdpr@vibesolutions.eu
SIA Vibe Solutions is the controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"). We have not appointed a Data Protection Officer, as we are not required to do so under Article 37 GDPR. For any data protection matters, contact us at the email address above.
2. What we process and why
We have two processing activities. We do not use cookies, analytics tools, tracking pixels, or any form of behavioural profiling.
2.1. Web server logs
When you visit this website, our web server automatically records standard log data for each request.
| Aspect | Detail |
|---|---|
| Data collected | IP address, date and time of request, HTTP method and requested URL, request size, referrer URL, user agent string |
| Purpose | Security monitoring, troubleshooting, abuse prevention, and maintaining the operational integrity of the website |
| Legal basis | Legitimate interest - Article 6(1)(f) GDPR. Our interest is to operate a secure, functional website. Server logs are essential to detect and respond to technical issues and malicious activity. This processing is minimal, expected by visitors, and proportionate to the interest pursued. |
| Retention | 90 days from collection, then automatically deleted |
| Recipients | Logs are stored on infrastructure provided by Microsoft Ireland Operations Limited (see Section 5). No other third parties receive this data. |
2.2. Email correspondence
If you contact us by email, we process the personal data contained in your message.
| Aspect | Detail |
|---|---|
| Data collected | Sender name, email address, message content, metadata (date, subject line), and any attachments you include |
| Purpose | Responding to your inquiry, evaluating a potential business relationship, and managing ongoing correspondence |
| Legal basis | For initial inquiries: legitimate interest - Article 6(1)(f) GDPR. Our interest is to respond to and evaluate business inquiries directed at us. The data processed is limited to what is inherent to the email protocol and what you voluntarily include; this processing is proportionate and reasonably expected by anyone initiating business correspondence. If correspondence leads to a contractual relationship: performance of a contract or pre-contractual measures - Article 6(1)(b) GDPR. For retention required by law: legal obligation - Article 6(1)(c) GDPR, under Latvian accounting, tax, and commercial law. |
| Retention | 24 months from the date of the last message in the correspondence thread, then deleted. Correspondence that forms part of a contractual relationship - such as scope confirmations, invoices, or approvals - may be retained for up to 10 years from the end of the relevant reporting year, as required by Latvian accounting, tax, and commercial law. |
| Recipients | Email is hosted by Proton AG (see Section 5). No other third parties receive this data. |
3. Obligation to provide data
Website visits: Transmission of technical data (such as your IP address) is inherent to the HTTP protocol - you cannot access any website without it. No additional personal data is required or requested.
Email: The decision to contact us is entirely voluntary. However, if you choose to send an email, your email address is transmitted as an inherent part of the email protocol (SMTP). Any other information you include - your name, subject line, message content, attachments - is provided at your discretion. If you choose not to contact us, the sole consequence is that no inquiry is received and no business relationship can be established.
4. Cookies and tracking
This website does not set any cookies - not first-party, not third-party. We do not use analytics services, tracking pixels, fingerprinting, social media embeds, or any other form of visitor tracking or behavioural profiling. No consent banner is needed, because there is nothing to consent to.
5. Sub-processors and international data transfers
5.1. Microsoft Ireland Operations Limited
Our website is hosted on Microsoft Azure, with origin servers located in the West Europe (Netherlands) region. Microsoft Ireland Operations Limited, a company incorporated in Ireland, is the contracting entity.
The website is served through a globally distributed edge network. This means that request metadata - including your IP address - may transiently pass through edge nodes located outside the European Economic Area, in order to serve content from the nearest point of presence. Additionally, Microsoft support personnel outside the EEA may access data for service operation or troubleshooting purposes. Microsoft covers such transfers under the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), as incorporated in the Microsoft Products and Services Data Protection Addendum. Microsoft also applies supplementary technical measures as described in that addendum.
5.2. Proton AG
Email is hosted by Proton AG, a company incorporated in Switzerland, with servers located in Switzerland and the EU (Germany). The European Commission has recognised Switzerland as providing an adequate level of data protection (Commission Decision 2000/518/EC, confirmed in the Commission's first review of pre-GDPR adequacy decisions - COM(2024) 7 final of 15 January 2024). Transfers to Proton AG are therefore covered by this adequacy decision and require no additional safeguards.
6. Your rights
Under GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, contact us at gdpr@vibesolutions.eu. We will respond within one month (extendable by two further months for complex requests, per Article 12(3) GDPR).
- Access (Article 15) - request a copy of the personal data we hold about you.
- Rectification (Article 16) - request correction of inaccurate data.
- Erasure (Article 17) - request deletion of your data where there is no compelling reason for continued processing.
- Restriction (Article 18) - request that we limit how we use your data while a concern is resolved.
- Data portability (Article 20) - receive your data in a structured, commonly used, machine-readable format (applicable to data processed on the basis of consent or contract).
- Object (Article 21) - you have the right to object at any time to processing based on legitimate interest (Article 6(1)(f)). This applies to both processing activities described above. Upon receiving your objection, we will cease the processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
You are not subject to any automated decision-making or profiling.
7. Right to lodge a complaint
If you consider that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement (Article 77 GDPR).
Our competent supervisory authority is:
Datu valsts inspekcija (Data State Inspectorate)
Elijas iela 17, Rīga, LV-1050, Latvia
Phone: +371 67223131
Email: pasts@dvi.gov.lv
Website: www.dvi.gov.lv/en
8. Changes to this policy
We may update this policy to reflect changes in our processing activities or legal requirements. The "last updated" date at the top of this page will be revised accordingly. For material changes, we will make the updated policy available at this URL. We do not collect contact details for the purpose of sending policy-update notifications.
9. Applicable law
This policy is governed by GDPR (Regulation (EU) 2016/679) and the Latvian Fizisko personu datu apstrādes likums (Personal Data Processing Law), which supplements GDPR in Latvia.