Privacy Policy
Website: ugcbaltic.com
Last updated: April 2025
1. General ProvisionsWe, ugcbaltic.com, SIA TTW, consider your privacy our top priority. We understand the importance of your personal data and are committed to ensuring it is processed securely, transparently, and with the utmost care. Our platform is designed not only to provide joy and connection through gifts, but also to respect your privacy rights. We strictly comply with the rules set out in the General Data Protection Regulation (GDPR) to protect your personal information and give you full control over how your data is collected, processed, and used.
This Privacy Policy explains how we collect, use, disclose, and protect your personal data, ensuring full compliance with GDPR guidelines. We believe in transparency and have written this policy to be clear and accessible, so you can easily understand how your personal information is managed. By using ugcbaltic.com, you can be confident that your data is in safe hands.
This Privacy Policy explains how the website ugcbaltic.com (hereinafter — “we”, “our”, “the Platform”) collects, processes and protects the personal data of our users.
We recognise the importance of protecting your privacy. All personal data processing activities are carried out in accordance with:
• Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
• The Personal Data Processing Law of the Republic of Latvia (2018)
• The Electronic Communications Law of Latvia
• The Information Society Services Law of Latvia
2. Data ControllerThe controller of your personal data is:
• Name: SIA TTW
• Registration number: 40203734031
• Legal address: 10 Raznas Street
(Rāznas iela), Lipuski, Makoņkalns Parish, Rezekne Municipality, LV-4626
• Email: thetimetowish@gmail.com
• Website: ugcbaltic.com
By registering or using ugcbaltic.com (hereinafter — “the Services”), you agree to this Privacy Policy, which sets out the processing of your personal data pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR).
3. What Data We Collect 3.1 Data You Provide Upon RegistrationWhen you apply for courses or complete forms on the Platform, we collect:
• First and last name
• Email address
• Phone number (if provided)
• Social media profile links
• Preferred product categories and interests
• Links to specific products on your wish list
We do not collect or process any special categories of personal data (e.g. health data, religion, or political views) as defined under Article 9 of the GDPR.
Providing personal data is neither a statutory nor a contractual requirement. However, certain personal data must be provided in order to conclude a contract and receive the services. While the data subject is not obliged to provide their personal data, failure to do so will prevent them from accessing and using the service.
Data sharing: we share responsiblyWe may share your data with trusted service providers who help us operate the Website. These include hosting services, email service providers, payment processors, and technical support. All third parties processing your data do so under contracts that ensure GDPR compliance (Article 28 GDPR).
Data retention: we keep your data only as long as necessaryWe will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or to meet legal obligations. Once your data is no longer needed, we will securely delete or anonymise it, as set out in Article 5(1)(e) of the GDPR.
Your rights: control over your dataUnder the GDPR you have specific rights regarding your personal data:
- Right of access: You may request information about the personal data we hold about you (Article 15 GDPR).
- Right to rectification: If any of your data is inaccurate or incomplete, you have the right to request its correction (Article 16 GDPR).
- Right to erasure: You may request the deletion of your personal data under certain conditions (Article 17 GDPR).
- Right to restriction: You may request the restriction of processing of your data in certain circumstances (Article 18 GDPR).
- Right to data portability: You may request a copy of your data in a structured, machine-readable format (Article 20 GDPR).
- Right to object: You may object to our use of your data, in particular for direct marketing purposes (Article 21 GDPR).
- Right to withdraw consent: You may withdraw your consent to specific data processing activities at any time (Article 7(3) GDPR).
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the supervisory authority (Data State Inspectorate). Documents may be submitted by post, by email (with documents signed with a secure electronic signature), or left in the letterbox on the ground floor at 11/13 Blaumana Street
(Blaumaņa iela), Riga. The Data State Inspectorate accepts email submissions sent to: info@dvi.gov.lv.
Withdrawal of consentYou may withdraw your consent to data processing at any time. We will immediately cease processing your data, except where we are required to retain it for legal or contractual reasons (Article 6(1)(c)–(f) GDPR). Withdrawal of your consent does not affect the lawfulness of processing carried out on the basis of consent given before its withdrawal.
Website privacy policyAs the Website may contain links to other websites, we recommend reviewing their privacy policies before entering any personal data. We accept no responsibility for personal data you provide on other websites.
3.2 Video content and creative contentWhen participating in the UGC programme, we collect and process:
• Video files you create and their metadata
• Published posts on social networks mentioning the Platform
• Reviews and ratings of received products
3.3 Automatically collected data• When you visit our website, technical data is automatically recorded: IP address, browser type, device type, list of pages visited, timestamps, referrer URL, pages you visit on our site, visit time and date, time spent on pages, links you follow, and actions taken on the Website.
3.4 CookiesWe use cookies to ensure the operation of the website, collect visitor statistics, and for marketing purposes.
We use cookies to improve your browsing experience and analyse traffic on our website. You can manage your cookie preferences through your browser settings. Cookies help us identify and understand your preferences. To ensure the best user experience and full Website functionality, it is recommended to keep cookies enabled. However, if you wish to decline them, you can do so by changing your browser settings.
TTW does not engage in automated decision-making or profiling as defined under Article 22 of the GDPR.
4. Purposes of processing and legal basesWe are committed to ensuring that your personal data is processed in full compliance with the GDPR. Below are the types of personal data we collect, the purposes for which we use it, and the legal basis for processing.
Your personal data will be processed for the following purposes:
- Provision of services: to provide you with access to ugcbaltic.com and enable you to benefit from our features, such as sending and receiving gifts (Article 6(1)(b) GDPR).
- Communication and notifications: to send you updates, promotional materials, newsletters, or other platform-related communications, provided you have subscribed to them (Article 6(1)(a) GDPR).
- Customer support: to respond to your requests, questions, and queries regarding our platform and services (Article 6(1)(b) GDPR).
- Service improvement: to analyse your interactions with our platform, enabling us to improve our services, ensure website functionality, and enhance user experience (Article 6(1)(f) GDPR).
- Fulfilment of legal obligations: to comply with legal obligations, such as tax reporting, responding to official requests, and ensuring compliance with applicable law (Article 6(1)(c) GDPR).
Processing purpose | Type of data | Legal basis |
Participant registration and course applications | Name, email, phone number | Contractual basis (GDPR 6(1)(b)) |
Collection and use of UGC video content | Video files, social media content | Consent (GDPR 6(1)(a)) |
Organisation of competitions | Contact details, submitted content | Consent (GDPR 6(1)(a)) |
Processing wishlists and matching with sponsors | Product preferences, categories | Consent (GDPR 6(1)(a)) |
Website performance improvement | Technical data, visit statistics | Legitimate interest (GDPR 6(1)(f)) |
Marketing and newsletters | Email, preferences | Consent (GDPR 6(1)(a)) |
Fulfilment of legal obligations | All applicable data | Legal obligation (GDPR 6(1)(c)) |
5. Video content rights and useBy participating in the UGC Baltic programme and completing the forms, you grant SIA TTW the right to use your video content for the following purposes:
• Marketing and advertising campaigns
• Publication on our and sponsors’ social media channels
• Presentations and other commercial communications
6. Cookie policy 6.1 What are cookiesCookies are small text files stored on your device when you visit our website. They help remember your settings and improve your browsing experience.
6.2 Types of cookies• Necessary cookies — ensure basic website functionality (no consent required)
• Functional cookies — remember your choices and settings (consent required)
• Analytical cookies — collect anonymised statistics on website usage, including Google Analytics (consent required)
• Marketing cookies — allow us to show you relevant advertisements, including Facebook Pixel (consent required)
6.3 How to manage cookiesOn your first visit you will see a cookie notice where you can choose the level of consent. Cookies can also be managed through your browser settings (Chrome, Firefox, Safari, Edge).
7. Transfer of data to third partiesWe do not transfer your personal data to third parties for commercial purposes. Data may be transferred in the following cases:
• To technical service providers (hosting, email services, CRM) — solely within the framework of data processing agreements
• To sponsors and brands — only anonymised data or with your explicit consent for a specific collaboration
• To state authorities — if required by law or a court order
All our service providers are bound by data processing agreements compliant with GDPR requirements.
7.1 International data transfersCertain services (e.g. Google Analytics) may be located outside the European Economic Area. In such cases we ensure an adequate level of protection through standard contractual clauses approved by the European Commission or Data Privacy Framework certification.
8. Your rights as a data subjectUnder the GDPR you have the following rights regarding your personal data:
• Right of access — you may request information about what data we process
• Right to rectification — you may request the correction of inaccurate or incomplete data
• Right to erasure — you may request the deletion of your data where there is no legal basis for retaining it
• Right to restriction of processing — you may request that processing be suspended in certain cases
• Right to data portability — you may receive your data in a structured, machine-readable format
• Right to object — you may object to processing based on legitimate interest or direct marketing
• Right to withdraw consent — you may withdraw consent to processing at any time
9. Security measures 9.1 Technical measuresWe implement advanced technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. Our data security practices are regularly updated in accordance with GDPR standards (Article 32 GDPR).
9.2 Organisational measuresAccess to personal data is restricted to authorised personnel only.
9.3 In the event of a data breachIf a personal data security breach occurs that poses a risk to your rights, we will notify the Data State Inspectorate within 72 hours and inform affected individuals without undue delay.
10. Protection of minorsOur Platform is not intended for persons under the age of 16. We do not knowingly collect personal data from minors without the explicit consent of parents or legal guardians. If we become aware that such data has been collected, we will delete it immediately.
11. Changes to the privacy policyWe may periodically update this policy to reflect changes in our operations or legislation. In the event of material changes, we will:
• Publish an updated version with a note indicating the date of changes
• Notify registered users by email
• Post a notice on the ugcbaltic.com website
12. Right to lodge a complaintIf you believe we are in breach of the GDPR or Latvian personal data protection legislation, you have the right to contact:
Data State Inspectorate• Website: https://www.dvi.gov.lv
• Email: pasts@dvi.gov.lv
• Phone: +371 67223131
• Address: Elijas Street 17, Riga, LV-1050, Latvia
We encourage you to contact us directly first, so that we can promptly resolve any queries.
13. Contact informationIf you have any questions about this Privacy Policy or how your personal data is processed, you can contact us:
Email: thetimetowish@gmail.com
Address: 10 Raznas Street, Lipuski, Makonkalns Parish, Rezekne Municipality, LV-4626
14. GlossaryPersonal data — any information that allows or could allow the identification of a natural person.
Processing — any operation performed on personal data: collection, storage, use, deletion, etc.
Data controller — a person or organisation that determines the purposes and means of processing personal data.
Consent — a freely given, specific, and informed indication of agreement to the processing of data.
GDPR — General Data Protection Regulation (EU) 2016/679.
UGC (User Generated Content) — content created by users, such as video reviews and feedback.
This Privacy Policy is effective from 01.04.2026. We may update it from time to time, and you will be notified of any material changes in accordance with Article 13(3) of the GDPR.
We thank you for your trust and assure you that your privacy is always our primary concern.