Privacy Policy
Effective from: 12.05.2026. Last updated: 12.05.2026.
1. General provisions
SIA "Marimoart", company registration number 50103408031, registered address: Aptiekas iela 8-28, Riga, LV-1005, Latvia (hereinafter – the Controller) is the owner of the website and online shop olgakazaka.com (hereinafter – the Website) and the controller of personal data within the meaning of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter – GDPR).
This Privacy Policy describes how the Controller collects, processes and protects the personal data of natural persons (hereinafter – Visitor or Data Subject) when the Visitor visits the Website, purchases the Controller's goods or services, subscribes to the newsletter, fills in a contact form, takes the archetype test or otherwise interacts with the Website.
Personal data is processed in accordance with the GDPR, the Latvian Personal Data Processing Law and other applicable laws and regulations of the Republic of Latvia.
Contact for data protection matters: Email: [email protected] Postal address: SIA "Marimoart", Aptiekas iela 8-28, Riga, LV-1005, Latvia
2. What personal data we process
Depending on how the Visitor interacts with the Website, the Controller may process the following categories of personal data.
Data the Visitor provides directly: name and surname, email address, phone number, postal address (for delivery of goods), payment information (processed by Stripe – see Section 5), company details (if an invoice is issued to a legal entity), the content of the message in the contact form, archetype test answers and results, testimonials and comments where the Visitor provides them voluntarily.
Data collected automatically: IP address, browser type and version, device type, operating system, date, time and duration of the Website visit, pages viewed and the Visitor's activity on the Website, traffic source (the link from which the Visitor arrived at the Website), cookie information (see Section 7).
3. Purposes and legal grounds for processing
Personal data is processed only for specific, clear and lawful purposes.
To provide services and products (course, book, mentoring), the Controller processes the Visitor's name, surname, email, phone, postal address and invoicing details. The legal ground is performance of a contract (Article 6(1)(b) GDPR).
Payment processing and accounting are based on performance of a contract and a legal obligation (Article 6(1)(b) and (c) GDPR) arising from the Latvian Accounting Law.
For processing contact form enquiries, the Controller uses the Visitor's name, email, phone number and message content. The legal ground is the Data Subject's consent (Article 6(1)(a) GDPR) and pre-contractual measures (Article 6(1)(b) GDPR).
For sending the newsletter "Olgas Kazakas piezīmes", the Controller processes the Visitor's name and email on the basis of the Data Subject's consent (Article 6(1)(a) GDPR).
For administering the archetype test and delivering its results, the Controller processes the Visitor's email, test answers and results on the basis of the Data Subject's consent.
For sending commercial communications to existing clients about similar products, the Controller uses the client's name and email on the basis of the Controller's legitimate interests (Article 6(1)(f) GDPR) and Section 9 of the Latvian Law on Information Society Services.
For ensuring the Website's operation, security, analysis and improvement, as well as marketing activities, the Controller processes technical information, IP address and cookie data. For technically necessary operations the legal ground is the Controller's legitimate interests; for analytical and marketing cookies it is the Data Subject's consent.
For resolving disputes and defending legal claims, the Controller may process all relevant data on the basis of its legitimate interests.
4. Data retention periods
The Controller stores personal data only for as long as it is necessary for the specific processing purpose or as required by applicable laws and regulations.
Purchase and payment data (for the course, book, mentoring) is retained for seven years after the transaction, in accordance with Section 28 of the Latvian Accounting Law.
Access data for participants of the "Ietekme" course is retained for the entire period of course access and for three years after access ends, in line with the general limitation period for claims.
Newsletter subscriber data is retained until consent is withdrawn or for three years after the Visitor's last activity.
Contact form enquiries that received no reply or did not lead to a client relationship are retained for six months.
Archetype test results are retained until consent is withdrawn or for two years after the test is completed.
Testimonials with an identifiable author that are publicly displayed on the Website are retained for the entire publication period and for one year after they are removed from the Website.
Website analytics data is retained according to the service provider's terms; for Google Analytics – up to 14 months. Marketing cookie data is retained according to the cookie management tool's settings, but no longer than 24 months.
After the retention period, data is either deleted or anonymised.
5. Recipients and processors of personal data
The Controller works with third parties that act as data processors (within the meaning of Article 28 GDPR) and provide services necessary for the operation of the Website and the performance of the Controller's obligations. All processors have signed data processing agreements with the Controller that guarantee an appropriate level of personal data protection.
Website hosting and content management is provided by Wix.com Ltd.; server locations are in the EU and the USA.
Payment processing is provided by Stripe, Inc. Payments are handled within Stripe's environment, and the Controller does not receive or store the Visitor's payment card details. Stripe is located in the USA, and the data transfer is based on the European Commission's standard contractual clauses (Article 46 GDPR).
Customer relationship management (CRM), contact records, email marketing, the course platform and contact form processing are provided by HighLevel Inc. (GoHighLevel), located in the USA; the transfer is based on standard contractual clauses.
The archetype test and its results database (which stores the email and test results) are provided by Lovable AB and Supabase, Inc., located in the EU and the USA; the transfer to the USA is based on standard contractual clauses.
Physical delivery of the book in Latvia and the European Union is provided by Omniva (SIA "Omniva" / AS Eesti Post), located in the EU.
Website usage analytics is provided by Google Ireland Limited (Google Analytics) – EU and USA; the transfer to the USA is based on standard contractual clauses.
Advertising effectiveness measurement and retargeting is provided by Meta Platforms Ireland Limited (Meta Pixel) – EU and USA; the transfer to the USA is based on standard contractual clauses.
In addition to the processors listed above, data may also be received by the Controller's accounting service provider, legal advisors (only where necessary) and state authorities to whom data must be provided under applicable law, such as the State Revenue Service.
The Controller does not sell or transfer personal data to third parties for marketing or other commercial purposes.
6. Data transfers outside the European Union and the European Economic Area
Some of the processors listed in Section 5 (Stripe, GoHighLevel, Google, Meta, Supabase) may process data outside the EU and the EEA, primarily in the United States of America.
Such transfers take place on the basis of the European Commission's standard contractual clauses (Article 46(2)(c) GDPR) or other appropriate safeguards that provide the transferred data with protection equivalent to that guaranteed in the EU.
7. Cookies
Cookies are small text files that the Visitor's browser saves on their device when they visit the Website. They help the Website work, remember the Visitor's preferences and provide the Controller with information about how the Website is used.
The Website uses three categories of cookies. Strictly necessary cookies ensure the basic operation of the Website (session management, security); consent is not required for these cookies. Analytical cookies (Google Analytics) help understand how Visitors use the Website and are activated only with the Visitor's consent. Marketing and advertising cookies (Meta Pixel) enable targeted advertising and measure the effectiveness of advertising campaigns; they are activated only with the Visitor's consent.
On the first visit to the Website, the Visitor is asked to choose which cookie categories to allow. Consent can be withdrawn or changed at any time using the cookie settings tool on the Website or by changing browser settings.
Most browsers allow cookies to be controlled through their settings. The Visitor can block or delete cookies, but some Website features may then not work properly.
8. Data subject rights
Under the GDPR, the Data Subject has several rights regarding their personal data.
The right of access (Article 15 GDPR) means the right to obtain confirmation as to whether personal data concerning the Data Subject is being processed, and to receive a copy of that data.
The right to rectification (Article 16 GDPR) means the right to request that inaccurate or incomplete data be corrected.
The right to erasure, or "right to be forgotten" (Article 17 GDPR), means the right to request deletion of data when there is no longer a legal ground for its processing.
The right to restriction of processing (Article 18 GDPR) means the right to request that processing be restricted in certain cases.
The right to data portability (Article 20 GDPR) means the right to receive one's data in a structured, commonly used and machine-readable format and to transmit it to another controller.
The right to object (Article 21 GDPR) means the right to object to processing based on the Controller's legitimate interests, as well as to object at any time to processing for direct marketing purposes.
The right to withdraw consent (Article 7 GDPR) – where processing is based on consent, the Data Subject may withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.
The right to lodge a complaint with a supervisory authority. If the Data Subject considers that their rights have been infringed, they may contact the Data State Inspectorate (Elijas iela 17, Riga, LV-1050; [email protected]; www.dvi.gov.lv).
To exercise any of the above rights, please write to [email protected] or send a request by post to SIA "Marimoart", Aptiekas iela 8-28, Riga, LV-1005, Latvia. The Controller will respond within one month of receipt of the request; in the case of complex or numerous requests, this period may be extended by a further two months, with notice given to the Data Subject.
To protect the Data Subject's personal data, the Controller may request additional information to verify identity.
9. Commercial communications
A commercial communication is any electronic message intended for direct or indirect promotion of goods or services.
The Controller sends commercial communications with the Visitor's prior consent (for example, when subscribing to the newsletter), as well as to existing clients about similar products or services on the basis of Section 9 of the Latvian Law on Information Society Services.
Every commercial communication includes the option to unsubscribe from further messages. The Visitor may also write to [email protected] to stop receiving commercial communications.
10. Data security
The Controller implements appropriate organisational and technical measures to protect personal data from unauthorised access, unlawful processing, accidental loss, alteration or destruction. These measures include access control (only authorised persons), encryption of data in transit (SSL/TLS), regular security updates, and the selection of cooperation partners based on their ability to ensure an appropriate level of data protection.
Despite the measures taken, complete data protection on the internet cannot be guaranteed. In the event of a data security incident, the Controller acts in accordance with Articles 33 and 34 of the GDPR.
11. Children's data protection
The Website is not intended for persons under the age of 16. The Controller does not knowingly process such persons' data.
12. Changes to the Privacy Policy
The Controller reserves the right to update this Privacy Policy periodically to reflect changes in laws and regulations or in the Controller's operations. The current version is always available on the Website. In the case of significant changes, the Controller will inform Data Subjects by email or by a notice on the Website.
The date at the top of the page indicates when the Policy was last updated.
13. Jurisdiction and applicable law
This Privacy Policy and the processing of personal data are governed by the laws and regulations of the Republic of Latvia and the European Union, including the GDPR and the Personal Data Processing Law.
All disputes will be resolved through negotiation. If an agreement cannot be reached, disputes will be heard in a court of the Republic of Latvia in accordance with the laws of the Republic of Latvia.
14. Contact
Questions about this Privacy Policy or the processing of personal data may be sent to:
SIA "Marimoart" Aptiekas iela 8-28, Riga, LV-1005, Latvia Email: [email protected]