Privacy Policy | Stay Riga

This Privacy Policy explains how Stay Riga collects, uses, and protects personal data when you visit stayrigalatvia.com (the "Site"). It is written to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, and the ePrivacy/PECR cookie rules. Because the Site is aimed at travellers in the EU and UK, we apply these standards to all visitors.

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

Controller: Strandway Ventures / Chandler Toombs
Location: Dartmouth, Nova Scotia, Canada
Contact for privacy requests: [email protected]

As we are established outside the EU/UK but offer information to visitors there, we act as controller for the limited processing described below and apply GDPR/UK GDPR standards accordingly.

2. What Data We Collect

We are a content website and collect as little personal data as possible. We do not run user accounts, newsletters, or contact forms that store data.

Strictly necessary technical data: Your browser sends standard information (IP address, browser type, device, and pages requested) to our hosting/CDN provider so the Site can be delivered and kept secure. This is processed transiently in server logs.
Optional analytics data: Only if you consent, we may collect aggregated, non-identifying usage data (page views, referral source, approximate country-level location). Analytics are off by default and are only loaded after you opt in via the cookie banner.
Consent records: Your cookie choices are stored locally in your browser (localStorage) so we can honour them. This stays on your device.
Email correspondence: If you email us, we process your email address and message to reply. We do not add you to any list.

We do not knowingly collect data from children under 16, and the Site is not directed at children.

3. Legal Bases for Processing

Legitimate interests (Art. 6(1)(f) GDPR): to deliver, secure, and maintain the Site via standard server logs.
Consent (Art. 6(1)(a) GDPR): for any non-essential cookies or analytics. You may withdraw consent at any time (see Cookie Preferences in the footer).
Legitimate interests / performance: to respond to emails you send us.

4. Affiliate Links and Third Parties

Stay Riga earns commission from affiliate partners. When you click an affiliate link, you leave our Site and the partner may set their own cookies and process your data under their privacy policy. These cookies are set by the partner, not by us. Our partners include: Booking.com, GetYourGuide, Viator, DiscoverCars, Kiwi.com, Skyscanner, SafetyWing, and Airalo. We have no control over, and are not responsible for, their data practices, and we encourage you to review their policies. See our Affiliate Disclosure and Cookie Policy.

5. Hosting and International Transfers

The Site is hosted on a global content delivery network, and we are based in Canada. This means your technical data may be processed outside the EU/UK. Where personal data is transferred internationally, it is protected by appropriate safeguards (such as our providers' Standard Contractual Clauses and Canada's recognised data-protection framework). We keep the data involved to a minimum.

6. How Long We Keep Data

Server/CDN logs are retained only for a short period for security and diagnostics and then deleted or anonymised by our provider. Consent records remain in your browser until you clear them or change your choice. Emails are kept only as long as needed to handle your enquiry.

7. Your Rights

Under the GDPR and UK GDPR you have the right to: access your data; rectify inaccurate data; erase data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time without affecting prior processing. To exercise any right, email [email protected]. Because we hold very little identifiable data, there is often nothing for us to retrieve or delete.

You also have the right to lodge a complaint with a supervisory authority: in the EU, your national Data Protection Authority (in Latvia, the Data State Inspectorate); in the UK, the Information Commissioner's Office (ICO).

8. Changes to This Policy

We may update this policy from time to time. Material changes will be posted here with a revised "Last updated" date.

9. Contact

For any privacy question or request, contact [email protected].