Privacy

Privacy Policy

PRIVACY POLICY AND PERSONAL DATA PROCESSING POLICY

The personal data controller is SIA Veiters korporācija, registration No. 40003687196, registered address: Brīvības gatve 445e, Riga, LV-1024, (hereinafter referred to as the "Company").

Company’s contact information regarding matters of personal data processing is: veiters@veiters.lv. Questions about the processing of personal data can be asked using this contact information or forwarding them to the actual address of the Company: Brīvības gatve 445e, Riga, LV-1024.

Purpose of personal data processing policy

The purpose of this Personal Data Processing Policy is to provide general information about what personal data is processed by the Company, what the purposes and legal basis of the data processing are, in which cases the data is disclosed and how long it is stored for. Detailed information on personal data processing may also be specified in contracts and other documents related to services.

The company's goal when processing personal data is to fully comply with the applicable laws and regulations and ensure the protection of customers' personal data.

The personal data processing policy is applicable to the processing of personal data carried out by the Company, regardless of the form (e-mail, telephone, paper form, etc.) the data is obtained from and from whom (the customer himself/herself, an employee or another person).

Personal data is any information directly or indirectly related to a natural person:

  • name, surname, telephone number, e-mail or residential address of a person;
  • a person and his/her car registration number, car model or insurance details;
  • a person’s bank account number, bank card number, its validity period;
  • information on a person's state of health, blood type or medical history;
  • a person’s passport data: number, personal code, height, nationality or signature;
  • information about a person's income, assets and cash flow;
  • ethnic origin, political views, religious beliefs, sexual orientation, membership in trade unions;
  • a person’s appearance, photo, video material or biometric data and other personal information.

The Company only processes customer personal data to the minimum necessary extent. In order for the Company to be able to fulfil its obligations to a natural person as a customer, employee or partner, the Company needs to process certain personal data. Personal data will only be collected and processed in those cases and to the extent that is necessary for the fulfilment of specific, clearly defined and legitimate purposes. The company undertakes to respect the rights of individuals to the legal processing and protection of personal data, as well as to comply with the requirements of the regulatory enhancements applicable to personal data processing.

The company processes personal data in accordance with Section 7, Clause 2 of the Personal Data Protection Law — the processing of data results from contractual obligations of the data subject or, taking into account a request from the data subject, the processing of data is necessary in order to enter into the relevant contract. Also, the Company processes personal data in accordance with Section 7, Clause 6 of the Personal Data Protection Law — the processing of data is necessary in order to, in compliance with the fundamental human rights and freedoms of the data subject, exercise the lawful interests of the administrator or of such third person that the personal data have been disclosed to. In certain cases, the Company also has the right to process personal data based on the consent of the person according to Section 7, Clause 1 of the Personal Data Protection Law.

The personal data processing policy has been developed in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Forms of personal data acquisition

Personal data can be collected from the natural person himself/herself or from external sources, such as public and private registers or third parties (Land Registers, State Land Service (VZD) Cadaster Database, Office of Citizenship and Migration Affairs (PLMP), etc.).

Usually, the Company obtains personal data directly from a person — from employees, customers and/or partners. There are particularly strict requirements for accessing and processing sensitive personal data.

During cooperation with the Company, including communicating with the Company in all technically and physically possible ways, the Company may obtain personal data in the following ways:

  • When processing information submitted by a person: name; surname; personal number; gender; residence/correspondence address; e-mail; mobile phone number; date of birth and data relevant to the performance of mutual contractual obligations;
  • Summarizing data, including, but not limited to: location data, audit records, video and data streams and any other communication information;
  • Summarizing data that a person provides, filling in any form and information fields, including participating in surveys, discussions and expressing opinions.

Legal grounds and aim of data processing

The Company shall ensure that there is always a legal basis for the Customers' Personal Data processing. Such legal basis may represent either taking some measures prior to the execution of a contract (collection of data necessary for the contract), execution of the contract concluded with the customer, fulfilment of the Company's legal obligation (e.g., providing answers to state institutions), the Company's legitimate interests (e.g., debt recovery by means of court proceedings, during the insolvency process, submitting applications for criminal offences, conducting surveys, etc.), as well as the customer's consent, which may be required in certain cases (for example, for the provision of commercial communication, if such is meant to be provided).

The legal basis for personal data processing is Section 7, Clause 2 of the Personal Data Protection Law —data processing results from contractual obligations. Also, the legal basis for personal data processing, Section 7, Clause 6 of the Personal Data Protection Law — the processing of data is necessary in order to, in compliance with the fundamental human rights and freedoms of the data subject, exercise the lawful interests of the administrator or of such third person that the personal data have been disclosed to. The Company also processes personal data in cases determined by the regulatory enhancements (incl. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as — if the person's consent is provided.

The personal data obtained will be registered electronically and may be used for the following processing purposes:

  • to verify identity for the purpose of establishing contractual obligations;
  • to communicate with the person, incl. to inform them about any changes;
  • to ensure and improve the quality of the provided services;
  • to ensure the fulfilment of the Company's obligations to employees, customers and partners;
  • for statistical research purposes;
  • for extrajudicial debt recovery;
  • exercise and defense of the right of claim in court, filing claims, insolvency or other civil proceedings;
  • reporting on criminal offences;
  • for other purposes related to contractual relationships.

Separate consent is required for the processing of sensitive personal data

This refers to personal data related to a person's state of health. The company asks for separate consent to process sensitive personal data on the state of health in order to conclude an insurance contract and fulfil the obligations stipulated in it, send insurance compensation applications, request information and perform monitoring of medical institutions or other third parties.

Processing and transfer of personal data

Personal data processing means any activities related to the processing of Personal Data, including the collection, recording, storage, modification, provision of access, executing queries, transfer, maintenance, etc.

The Company is allowed to disclose personal data to the Company's service providers and partners, helping the Company to realize its legitimate interests. When transferring data, the Company undertakes to ensure that the recipient of the data complies with the security measures for personal data storage.

Disclosure of information to third parties is possible in the following cases:

  • information on the employee may be transferred to a third party in the case that the Company sells an owned company or its part;
  • Personal data may be processed, stored and transferred to third parties in the manner and to the extent provided for in the mutually concluded agreement and this Policy.

As far as possible, after receiving a relevant request, the Company will ensure the deletion of personal data in the records of the Company and in the databases of third parties hired by the Company, if these data are no longer necessary for the realization of the purposes for which it was collected, incl. the realization of contractual and legitimate rights.

Data storage and transfer

The Company is obliged to respect data confidentiality. Personal data obtained by the Company about its employees, partners and customers are stored both in paper format and in the Company's information system. The Company only stores the Personal Data for as long as it is necessary for the purpose of such data processing. The storage period may be stated in regulatory enhancements (on accounting, Civil Law and Commercial Law — periods of limitation, etc.). As the purposes of the processing may differ for different Personal Data, the actual storage period may also differ. In practice, personal data is stored for as long as there is reason to believe that claims can be filed in connection with our contractual relationships. Personal data that is no longer necessary for the specific purpose is deleted.

The information provided is stored using secure servers, and in printed form — in locked cabinets. The Company protects personal data by using modern technology, taking into account existing privacy risks and the organizational, financial and technical resources that are reasonably available to the Company. The Company has implemented appropriate technical and organizational measures to protect the Personal Data of its customers from unauthorized access, unlawful Processing or disclosure, accidental loss, alteration, or destruction.

The Personal Data provided may be transferred to the data controllers under the Personal Data processing contract, as well as to other recipients if there is a legal basis to do so. If the Company transfers the Customer's Personal Data for processing to any data processor, the Company shall take the necessary steps to ensure that such data processors process the Personal Data in accordance with the Company’s guidelines and in correspondence with the applicable legal acts, and shall require the implementation of appropriate security measures.

Recipients of the personal data are as follows:

  • utility companies providing services to the Company;
  • legal persons and/or institutions that maintain registers containing data or by means of which personal data are transmitted (e.g., population register, Land Register, Land Service, out-of-court debt recovery companies, etc.);
  • related legal persons of the Company;
  • institutions and officials (e.g., law enforcement agencies, sworn law enforcement officers, sworn notaries, taxation authorities, courts, insolvency administrators);
  • auditors, legal services providers, postal services providers, the Company's business partners involved in the provision of services, and other business partners being Personal Data processors.

A person's right to information and data correction

The person, as the Data Subject, shall have the following rights with regard to the processing of Personal Data that he/she may exercise upon contacting the Company:

  • to receive confirmation of whether or not the Personal Data is being processed with respect to the person and, if so, to access such data;
  • to access the corresponding data and receive information on its processing;
  • to request the correction of his/her Personal Data if it is inaccurate, incomplete or incorrect;
  • to request the erasure of his/her Personal Data;
  • to object to the processing of his/her Personal Data if the use of such Personal Data is based on authorized interests, including profiling for direct marketing purposes;
  • to request his/her Personal Data processing to be limited;
  • to receive his/her Personal Data provided by the person in written form or in one of the commonly used electronic formats and, if possible, transfer such data to another service provider (data portability);
  • withdraw his/her consent to Personal Data processing;
  • not to become subject to any fully automated decision making, including profiling, with respect to the customer.

This right shall not be applied if it is necessary to make a decision for the conclusion or performance of a contract with the person, if decision-making is permitted under the applicable laws or if the person has also provided his/her explicit consent by means of conclusive actions.

The person has the right to submit complaints about the Personal Data processing to the Data State Inspectorate), if the person considers that the rights and interests specified in the laws and regulations have been violated.

According to the Personal Data Protection Law, the Company is obliged to disclose information to persons regarding what data the Company has at its disposal about them, as well as regarding those natural or legal persons who have requested and received information about the person from the Company within a certain period of time, except for statutory exceptions. The person has the right to free access to the indicated information.

The person has the right to submit a request for the exercise of his/her rights

  • in written form in person by presenting a personal identification document;
  • by e-mail, by signing the document with a secure electronic signature.

Upon the receipt of the person’s request for the exercise of the person’s rights, the Company verifies the identity of the person, evaluates the request and executes it in accordance with the regulatory enactments. The Company sends an answer to the person by mail to the indicated contact address by means of a registered letter, as far as possible, taking into account the way of receiving the answer indicated by the person. The Company ensures the fulfilment of data processing and protection requirements in accordance with the regulatory enactments and in the case of the person’s objections performs actions to resolve the objection.

Obligations of the Data subject

The person is obliged to immediately inform the Company about all changes in his/her personal data (name, surname, address, contact information). The Company has the right to ask the person to submit originals or certified copies of the documents to confirm the changes.