Privacy policy

1. Introduction

The purpose of this Privacy Policy is to provide information on the processing of data of natural persons by  The Museum of Literature And Music (MLM). This Privacy Policy applies to the data of natural persons collected from the data subject - MLM customer (User) within the framework of ticket sales, regardless of the form or medium in which the personal data is provided (electronic, paper, or oral).
The Controller shall take care of the privacy and personal data protection of the Users, and respect the rights of the Users to the lawfulness of the processing of personal data in accordance with the applicable legislation: the Regulation of the European Parliament and of the Council of 27 April 2016 No 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Regulation) and other applicable legislation in the area of privacy and personal data processing.

2. Controller and contact details
The Controller is The Museum of Literature And Music, 90009175091, address: Pulka Street 8, Riga, (the "Controller"). Website:, e-mail:, telephone: +371 67216 425. The Museum of Literature and Music data protection services are provided by “AB 19” Ltd., e-mail:

3. Data Processor and contact details
The Data Processor is “DIVI grupa”  Ltd., 40003803059, address: Fridriha Candera Street ela 1, Raga, (The Data Processor). Website:, e-mail:; telephone: 25440073

4. Purposes of processing, the legal basis for processing
The Controller processes the User's personal data in order to conclude a ticket or gift card purchase contract with the User and to ensure its performance.
The processing is based on the following legal grounds:
- for the conclusion and performance of the contract - at the User's request;
- with the consent of the data subject, the User;
- to comply with the requirements of laws and regulations - to comply with the obligations of MLM under external laws and regulations;
- for the purposes of ensuring the legitimate interests of MLM.

5. Categories of personal data
The Controller processes the following categories of personal data - name, surname, e-mail or postal address, IP address, telephone number, content of the message or letter, etc.

6. Categories of recipients of personal data
The data is disclosed to those employees of the Data Controller who need it for the performance of their direct job duties.

7. Categories of data subjects
Categories of data subjects - current, former, and potential customers of MLM.

8. Transfer of data outside Latvia
The data received is not and will not be transferred outside the European Union or the European Economic Area, nor will it be transferred to any international organization.

9. Duration of data retention
Unless otherwise stated in the data protection instructions, the Controller determines the time period after which the reason for processing the data no longer applies and User's personal data shall be deleted, unless the Controller has a legal obligation to continue to retain the data (for example, but not limited to, for accounting or litigation purposes).

10. Access to personal data by the data subject
MLM shall provide the User with the exercise of the data subject's rights set out in the regulatory enactments, including information regarding the processing of the User's data, the right to request access to his/her personal data, as well as to request the Controller to supplement, rectify or delete them, to restrict processing or to object to processing, insofar as these rights do not conflict with the purpose of the data processing (conclusion or performance of a contract).
The User may submit a request for the exercise of his/her rights in writing in person, at the registered office of the Controller (on presentation of an identity document) or by e-mail, signed with a secure electronic signature.
Upon receipt of the User's request to exercise his/her rights, the Manager shall verify the User's identity, assess the request, and execute it in accordance with the laws and regulations.
The User shall not be entitled to receive information if the disclosure of such information is prohibited by law in the field of national security, national defence, public security, criminal law, as well as for the purpose of ensuring the financial interests of the State in tax matters or the supervision of financial market participants and macroeconomic analysis.

11. Right to lodge a complaint with the supervisory authority
The User has the right to lodge a complaint with the supervisory authority (State Data Inspectorate) at Blaumaņa Street 11/13, Riga or at the following e-mail address: