Privacy Policy

The personal data controllers processing personal data obtained through the titov.lv website are: • Aleksejs Titovs (individual merchant) • Darja Titova (individual merchant)

Address: Matīsa iela 69a, Riga, LV-1009, Latvia Phone: +371 27 182 445 (Aleksejs) +371 27 581 323 (Darja) Email for privacy inquiries: info@titov.lv

In this policy, "Therapy by Titov", "we", "us", "our" mean Aleksejs Titovs and Darja Titova as data controllers.

This Privacy Policy applies to the processing of personal data that occurs through the titov.lv website, including: • the reservation form (service request with Aleksejs or Darja) • the gift card application form • the blog / article topic suggestion form

Regardless of whether the site is used in Latvian, Russian, or English, personal data processing is carried out in accordance with this policy.

By using the website, you may voluntarily provide us with the following personal data:

Reservation form / gift card form / blog suggestion form: • name and surname • phone number • email address • preferred date and time of visit (or other preferred service information) • free-text message / comment (questions, comments, notes, etc.)

Technical data generated automatically when visiting the site: • IP address • browser type and version • device type, operating system • date and time of visit • viewed pages and actions on the site

These technical data are processed using server log files and Google Analytics. We do not create a separate customer database; the data goes to our email and is processed for communication purposes as described below.

We process personal data for the following purposes:

Processing reservations and communicating with clients • to receive and confirm a visit application • to clarify details if necessary (service type, time, etc.) • to send practical information about the visit (address, directions, etc.)

Processing gift card orders • to receive and process a gift card application • to agree on the payment method and delivery

Communication and answering questions • to answer questions submitted via website forms or email • to receive and evaluate blog / article topic suggestions

Fulfillment of accounting and legal obligations • to prepare and store accounting documents in accordance with Latvian regulatory acts • to fulfill tax and other legal obligations

Website security and statistics • to maintain the site's technical operation and security • to analyze visitor statistics, improve site content and user experience using Google Analytics

We currently do not send regular marketing news or newsletters. If such a practice is introduced in the future, we will ask for a separate, clear consent.

We process personal data based on the following legal grounds of the General Data Protection Regulation (GDPR):

Conclusion and performance of a contract (GDPR Article 6(1)(b)) When you submit a reservation form or gift card application, the data is necessary for us to process the application and provide the service.

Legitimate interests of the controller (GDPR Article 6(1)(f)) • communication and answering questions • evaluating blog/article topic suggestions • website security and statistics (Google Analytics) to understand how the site is used and improve it

Fulfillment of legal obligations (GDPR Article 6(1)(c)) Accounting, fulfillment of tax and other regulatory requirements.

If in any specific case we ask for additional consent (e.g., if you wish to receive marketing emails in the future), data processing for this purpose will be based on your consent (GDPR Article 6(1)(a)), which you can withdraw at any time.

We do not store personal data longer than necessary for the purposes for which they were collected or longer than required by law. Indicative retention periods:

Reservation and gift card applications in email We store them for up to 2 years after the last communication to be able to refer to historical correspondence and defend our legal interests in case of potential claims.

Communication related to blog / article topic suggestions We store it for up to 1 year after the last communication or until the information is no longer needed for the respective purpose.

Accounting documents (invoices, payment info, etc.) We store them in accordance with Latvian regulatory acts – usually not less than 5 years and longer if required by law.

Technical and analytical data (Google Analytics) Stored in accordance with Google Analytics' default or our configured retention periods.

After the retention period expires, personal data is securely deleted or anonymized.

We do not sell your personal data or transfer it to third parties for marketing purposes. Personal data may only be transferred to the following categories:

Technical service providers (data processors) • Vercel – website hosting and operation. • Resend – sending and receiving emails through website forms. • Google Analytics – obtaining and analyzing website visitor statistics.

These service providers process data only on our behalf and in accordance with our instructions, based on data processing agreements and GDPR requirements. They do not use this data for their own purposes.

State institutions and supervisory authorities If necessary to comply with legal requirements (e.g., to the State Revenue Service or other institutions based on a legal request), we may transfer the necessary data to the respective authorities.

Some of our technical service providers (e.g., Google, Resend, Vercel) may be located outside the European Union or use servers located outside the EU/EEA. In such cases, data transfer takes place based on GDPR-permitted mechanisms, for example: • European Commission Standard Contractual Clauses, • other appropriate additional security measures.

We strive to use only those service providers that ensure a GDPR-compliant level of data protection.

Our website uses cookies and similar technologies to: • ensure basic website functionality, • analyze user flow and improve site content (Google Analytics).

Google Analytics uses cookies to collect statistics on how visitors use the site. This data may include: • anonymized IP address, • information about viewed pages and site events, • time spent and navigation on the site, • technical information about the device and browser used.

You can control the use of cookies: • in your browser (block or delete cookies), • and, if we offer a cookie banner / menu on the site, by adjusting your preferences.

Please note that fully disabling cookies may affect the website's functionality and user experience.

Under GDPR and other applicable laws, you have the following rights regarding your personal data:

• Right to be informed – to understand what data is processed about you and for what purposes. • Right of access – to get confirmation on whether we process your personal data and to receive a copy of the data. • Right to rectification – to request correction of inaccurate or incomplete data. • Right to erasure ("right to be forgotten") – to request the deletion of data if it is no longer necessary for the purposes collected or if processing is based on consent you have withdrawn and there is no other legal basis. • Right to restrict processing – in certain cases to ask to restrict data processing (e.g., while data accuracy or legal basis is verified). • Right to object – to object to data processing based on our legitimate interests (e.g., for statistics or security) if there are grounds related to your particular situation. • Right to data portability – in certain cases to receive your data in a structured, machine-readable format and transmit it to another service provider. • Right to withdraw consent – if data processing is based on your consent, you can withdraw it at any time. Withdrawal does not affect processing carried out before withdrawal.

To exercise your rights, please contact us: info@titov.lv

If you believe the processing of your personal data violates data protection requirements, you have the right to: • first contact us so we can clarify and resolve the situation; • as well as submit a complaint to the Latvian Data State Inspectorate. The contact information for the Data State Inspectorate is available on its official website.

We implement appropriate technical and organizational measures to protect personal data, including: • secure website hosting, • limiting access rights (emails and other systems are accessible only to Aleksejs and Darja or, if necessary, trusted technical partners), • data minimization principle – we do not ask for more data than necessary for the specific purpose.

However, it must be noted that no internet transmission or electronic storage is 100% secure. We strive to provide the highest possible level of protection but cannot guarantee absolute security.

The Privacy Policy may be available in multiple languages for your convenience. In case of any discrepancies between translations, the Latvian version shall prevail for interpretation purposes.

We may update this Privacy Policy from time to time to reflect: • changes in our services or site functionality, • changes in technical solutions (e.g., if we change our analytics or email provider), • changes in legislation.

The updated version will always be available on this page, indicating the "Last updated" date.