Skip to main content

Privacy Policy

This Privacy Policy explains how LaNexa ("we", "our", "us") collects, uses, and protects personal data when you visit lanexa.eu or contact us about our services. We follow the EU General Data Protection Regulation (GDPR) and Latvian data protection law.

1. Data Controller

LaNexa, located in Riga, Latvia. Email: info@lanexa.eu. For privacy-specific inquiries, contact us at the same email and write "Privacy" in the subject line.

2. What Personal Data We Collect

When you submit our contact form: your name, email address, phone number (optional), and the content of your message.

When you use our website: your IP address, browser type and version, operating system, the pages you visit, the time spent on each page, and the referring URL. This data is collected through standard web server logs and Google Analytics 4 (only if you give analytics consent through our cookie banner).

When you become a client: contact information, billing details, project content and communications, and any data you share with us as part of project work. Project data is processed under the contract with you, not under this Privacy Policy.

3. Why We Process Your Data and on What Legal Basis

To respond to your inquiry. Legal basis: pre-contractual measures and our legitimate interest in responding to potential clients (GDPR Art. 6(1)(b), Art. 6(1)(f)).

To run and improve the website. Legal basis: legitimate interest in operating a functional website and consent for non-essential analytics (GDPR Art. 6(1)(f), Art. 6(1)(a)).

To send service updates or proposals. Legal basis: consent or, for existing clients, our legitimate interest in client communication (GDPR Art. 6(1)(a), Art. 6(1)(f)).

To comply with legal obligations such as tax records. Legal basis: legal obligation (GDPR Art. 6(1)(c)).

4. Who We Share Data With

We do not sell personal data. We share data with the following categories of processors, each under a Data Processing Agreement (DPA):

Hosting and infrastructure providers: our website and backups run on EU-located VPS infrastructure (currently Hetzner and/or Contabo).

Analytics: Google Analytics 4, only when you have given analytics consent. Configured with Consent Mode v2 and data retention reduced to the minimum.

Email and communication tools: email is hosted with our email provider in the EU; communication tools used for client work are subject to per-engagement DPAs.

We do not transfer personal data outside the European Economic Area (EEA) for core operations. Where any sub-processor operates outside the EEA, the transfer is governed by Standard Contractual Clauses (SCC) per GDPR Chapter V.

5. How Long We Keep Your Data

Contact form submissions: retained for 24 months from the last contact, then deleted unless they have become part of a client relationship.

Client records: retained for the duration of the engagement and 10 years afterward, in line with Latvian accounting law for invoice and contract records. Non-financial project communications are deleted on client request or after 3 years post-engagement, whichever is earlier.

Web server logs: 30 days.

Google Analytics data: 14 months (the lowest GA4 retention setting).

Cookie consent records: 12 months from the date consent was given, then we ask again.

6. Cookies and Similar Technologies

Our website uses cookies in three categories:

Strictly necessary cookies: for the cookie banner state, session security, and form submission. These are always active because the site cannot function without them.

Analytics cookies: Google Analytics 4 cookies (_ga, _ga_*) are loaded only after you give analytics consent. Consent Mode v2 means that if you decline, GA4 receives only privacy-safe pings and we cannot identify you.

Preference cookies: none currently.

You can manage your preferences via the cookie banner at any time, or clear cookies through your browser settings.

7. Your GDPR Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure ("right to be forgotten") subject to legal retention obligations
  • Restrict or object to processing
  • Receive your data in a portable format (data portability)
  • Withdraw consent at any time, where consent is the legal basis
  • Lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) at www.dvi.gov.lv

To exercise any of these rights, email info@lanexa.eu with "Privacy Rights" in the subject line. We respond within 30 days.

8. Security

We protect personal data with appropriate technical and organizational measures: HTTPS on all pages, encrypted backups, restricted access to production systems, password hashing using bcrypt or Argon2, and regular security review of dependencies. No internet-facing system is fully secure, but we apply current best practice.

9. Changes to This Policy

We update this Privacy Policy when our processing activities change or when law requires. The "Last updated" date below reflects the current version. Material changes will also be communicated to active clients via email.

Last updated: 1 May 2026