EN LV
Start a project
Legal

Privacy policy

This policy explains how SIA HEIDA LTD processes personal data when you visit false.lv or contact us.

Last updated: 2026-04-18

1. Data controller

The data controller is SIA HEIDA LTD, registration no. 40203741048, legal address Spāres iela 3A-19, Rīga, LV-1002, Latvia. Questions: inquiries@false.lv.

2. Scope of this policy

This policy applies to all personal data processing we perform in relation to the false.lv website, our services, and our client engagements.

3. What we collect

  • Contact form data: name, email, phone (optional), service of interest, project brief, selected language, IP address, browser User-Agent, submission timestamp.
  • Analytics data (after consent): Google Analytics 4 pseudonymised client ID, pages viewed, device/browser, referral source, approximate geographic region.
  • Marketing data (after consent): Meta Pixel events, Facebook _fbp cookie.
  • First-touch attribution: UTM parameters, referrer domain and landing page — stored for 30 days to understand which marketing channel produced a contact request. No personal identifiers.
  • Insights surveys: if you vote in a poll, we store your chosen answer alongside a hash derived from your IP address and browser to prevent double-voting. The IP is not stored in plain text.
  • Insights article share clicks: when you click a share link, we log the network used (Facebook/LinkedIn/etc.), the referring domain, IP address, and User-Agent, so we can understand where traffic to our content comes from.
  • Article view counts: each article records total view count; the same browser is not counted more than once per hour (iv_<id> cookie).
  • Server logs: IP address, request URL, timestamp (security and debugging).
  • Country detection: one-time server-side call to ip-api.com to pick a default language. No cookie is set, no data is stored.

4. Purposes and legal basis

  • Respond to your inquiry and prepare a quote — GDPR Art. 6(1)(b) pre-contractual steps and 6(1)(f) legitimate interest in responding to prospects.
  • Statistics and site improvement (GA4) — GDPR Art. 6(1)(a) consent.
  • Ad effectiveness measurement (Meta Pixel) — GDPR Art. 6(1)(a) consent.
  • Server security and logging — GDPR Art. 6(1)(f) legitimate interest.
  • Compliance with legal obligations (e.g. accounting once we contract with you) — GDPR Art. 6(1)(c).

5. Retention

  • Contact form entries — 24 months after the last communication, then deleted or anonymised.
  • Google Analytics 4 data — 14 months (account-level setting).
  • Server access logs — 30 days.
  • Accounting and contract records — as required by Latvian law (typically 10 years).
  • Cookie consent record — 12 months.

6. Recipients and processors

Your data may be shared with the following third parties only to the extent necessary:

  • Zone Media Ltd. (zone.eu) — website hosting and email server (EU).
  • Google Ireland Ltd. — Google Analytics 4 (data may be transferred to the U.S. under the EU–U.S. Data Privacy Framework).
  • Meta Platforms Ireland Ltd. — Meta Pixel, if enabled and you have accepted marketing cookies.
  • ip-api.com — one-time country detection; no data stored on our side.
  • Law enforcement authorities, where required by law.

7. International transfers

Where data is transferred outside the EU/EEA (e.g. to Google), this is done under the EU–U.S. Data Privacy Framework or the European Commission's Standard Contractual Clauses (SCCs).

8. Security

We use HTTPS encryption, limit data access to authorised personnel, back up the database regularly, and store passwords securely. No internet transmission is 100% secure, but we follow industry best practices.

9. Your rights

Under GDPR you have the right to:

  • Access your personal data (Art. 15).
  • Rectify inaccurate data (Art. 16).
  • Request erasure ("right to be forgotten") (Art. 17).
  • Restrict processing (Art. 18).
  • Data portability — receive data in a machine-readable format (Art. 20).
  • Object to processing (Art. 21).
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with the supervisory authority — Data State Inspectorate (Elijas iela 17, Riga, LV-1050; pasts@dvi.gov.lv).

To exercise your rights, write to inquiries@false.lv. We respond within 30 days.

10. Automated decision-making

We do not perform automated decision-making or profiling that produces legal effects on you.

11. Cookies

Cookies and similar technologies are described in a separate Cookie policy.

12. Changes to this policy

We may update this policy. We will notify you of material changes on the website or by email. The current version date is shown at the top.