The personal data controller is SIA Veiters korporācija, registration No. 40003687196, registered address: Brīvības gatve 445e, Riga, LV-1024, (hereinafter referred to as the "Company").
Company’s contact information regarding matters of personal data processing is: firstname.lastname@example.org. Questions about the processing of personal data can be asked using this contact information or forwarding them to the actual address of the Company: Brīvības gatve 445e, Riga, LV-1024.
Purpose of personal data processing policy
The purpose of this Personal Data Processing Policy is to provide general information about what personal data is processed by the Company, what the purposes and legal basis of the data processing are, in which cases the data is disclosed and how long it is stored for. Detailed information on personal data processing may also be specified in contracts and other documents related to services.
The company's goal when processing personal data is to fully comply with the applicable laws and regulations and ensure the protection of customers' personal data.
The personal data processing policy is applicable to the processing of personal data carried out by the Company, regardless of the form (e-mail, telephone, paper form, etc.) the data is obtained from and from whom (the customer himself/herself, an employee or another person).
Personal data is any information directly or indirectly related to a natural person:
The Company only processes customer personal data to the minimum necessary extent. In order for the Company to be able to fulfil its obligations to a natural person as a customer, employee or partner, the Company needs to process certain personal data. Personal data will only be collected and processed in those cases and to the extent that is necessary for the fulfilment of specific, clearly defined and legitimate purposes. The company undertakes to respect the rights of individuals to the legal processing and protection of personal data, as well as to comply with the requirements of the regulatory enhancements applicable to personal data processing.
The company processes personal data in accordance with Section 7, Clause 2 of the Personal Data Protection Law — the processing of data results from contractual obligations of the data subject or, taking into account a request from the data subject, the processing of data is necessary in order to enter into the relevant contract. Also, the Company processes personal data in accordance with Section 7, Clause 6 of the Personal Data Protection Law — the processing of data is necessary in order to, in compliance with the fundamental human rights and freedoms of the data subject, exercise the lawful interests of the administrator or of such third person that the personal data have been disclosed to. In certain cases, the Company also has the right to process personal data based on the consent of the person according to Section 7, Clause 1 of the Personal Data Protection Law.
The personal data processing policy has been developed in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Forms of personal data acquisition
Personal data can be collected from the natural person himself/herself or from external sources, such as public and private registers or third parties (Land Registers, State Land Service (VZD) Cadaster Database, Office of Citizenship and Migration Affairs (PLMP), etc.).
Usually, the Company obtains personal data directly from a person — from employees, customers and/or partners. There are particularly strict requirements for accessing and processing sensitive personal data.
During cooperation with the Company, including communicating with the Company in all technically and physically possible ways, the Company may obtain personal data in the following ways:
Legal grounds and aim of data processing
The Company shall ensure that there is always a legal basis for the Customers' Personal Data processing. Such legal basis may represent either taking some measures prior to the execution of a contract (collection of data necessary for the contract), execution of the contract concluded with the customer, fulfilment of the Company's legal obligation (e.g., providing answers to state institutions), the Company's legitimate interests (e.g., debt recovery by means of court proceedings, during the insolvency process, submitting applications for criminal offences, conducting surveys, etc.), as well as the customer's consent, which may be required in certain cases (for example, for the provision of commercial communication, if such is meant to be provided).
The legal basis for personal data processing is Section 7, Clause 2 of the Personal Data Protection Law —data processing results from contractual obligations. Also, the legal basis for personal data processing, Section 7, Clause 6 of the Personal Data Protection Law — the processing of data is necessary in order to, in compliance with the fundamental human rights and freedoms of the data subject, exercise the lawful interests of the administrator or of such third person that the personal data have been disclosed to. The Company also processes personal data in cases determined by the regulatory enhancements (incl. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as — if the person's consent is provided.
The personal data obtained will be registered electronically and may be used for the following processing purposes:
Separate consent is required for the processing of sensitive personal data
This refers to personal data related to a person's state of health. The company asks for separate consent to process sensitive personal data on the state of health in order to conclude an insurance contract and fulfil the obligations stipulated in it, send insurance compensation applications, request information and perform monitoring of medical institutions or other third parties.
Processing and transfer of personal data
Personal data processing means any activities related to the processing of Personal Data, including the collection, recording, storage, modification, provision of access, executing queries, transfer, maintenance, etc.
The Company is allowed to disclose personal data to the Company's service providers and partners, helping the Company to realize its legitimate interests. When transferring data, the Company undertakes to ensure that the recipient of the data complies with the security measures for personal data storage.
Disclosure of information to third parties is possible in the following cases:
As far as possible, after receiving a relevant request, the Company will ensure the deletion of personal data in the records of the Company and in the databases of third parties hired by the Company, if these data are no longer necessary for the realization of the purposes for which it was collected, incl. the realization of contractual and legitimate rights.
Data storage and transfer
The Company is obliged to respect data confidentiality. Personal data obtained by the Company about its employees, partners and customers are stored both in paper format and in the Company's information system. The Company only stores the Personal Data for as long as it is necessary for the purpose of such data processing. The storage period may be stated in regulatory enhancements (on accounting, Civil Law and Commercial Law — periods of limitation, etc.). As the purposes of the processing may differ for different Personal Data, the actual storage period may also differ. In practice, personal data is stored for as long as there is reason to believe that claims can be filed in connection with our contractual relationships. Personal data that is no longer necessary for the specific purpose is deleted.
The information provided is stored using secure servers, and in printed form — in locked cabinets. The Company protects personal data by using modern technology, taking into account existing privacy risks and the organizational, financial and technical resources that are reasonably available to the Company. The Company has implemented appropriate technical and organizational measures to protect the Personal Data of its customers from unauthorized access, unlawful Processing or disclosure, accidental loss, alteration, or destruction.
The Personal Data provided may be transferred to the data controllers under the Personal Data processing contract, as well as to other recipients if there is a legal basis to do so. If the Company transfers the Customer's Personal Data for processing to any data processor, the Company shall take the necessary steps to ensure that such data processors process the Personal Data in accordance with the Company’s guidelines and in correspondence with the applicable legal acts, and shall require the implementation of appropriate security measures.
Recipients of the personal data are as follows:
A person's right to information and data correction
The person, as the Data Subject, shall have the following rights with regard to the processing of Personal Data that he/she may exercise upon contacting the Company:
This right shall not be applied if it is necessary to make a decision for the conclusion or performance of a contract with the person, if decision-making is permitted under the applicable laws or if the person has also provided his/her explicit consent by means of conclusive actions.
The person has the right to submit complaints about the Personal Data processing to the Data State Inspectorate), if the person considers that the rights and interests specified in the laws and regulations have been violated.
According to the Personal Data Protection Law, the Company is obliged to disclose information to persons regarding what data the Company has at its disposal about them, as well as regarding those natural or legal persons who have requested and received information about the person from the Company within a certain period of time, except for statutory exceptions. The person has the right to free access to the indicated information.
The person has the right to submit a request for the exercise of his/her rights
Upon the receipt of the person’s request for the exercise of the person’s rights, the Company verifies the identity of the person, evaluates the request and executes it in accordance with the regulatory enactments. The Company sends an answer to the person by mail to the indicated contact address by means of a registered letter, as far as possible, taking into account the way of receiving the answer indicated by the person. The Company ensures the fulfilment of data processing and protection requirements in accordance with the regulatory enactments and in the case of the person’s objections performs actions to resolve the objection.
Obligations of the Data subject
The person is obliged to immediately inform the Company about all changes in his/her personal data (name, surname, address, contact information). The Company has the right to ask the person to submit originals or certified copies of the documents to confirm the changes.