LLC “PROKS”
PERSONAL DATA PROCESSING STATEMENT
FOR CUSTOMERS AND OTHER RELATED PERSONS
1. Information about data controller
We are LLC “PROKS”, registration number: 40003053457, registered office: G.Astras iela 8b, Riga, LV-1082.
You can contact us by calling to: +371 67138868 or writing to the e-mail address info@proks.com.
2. Contact information for personal data protection inquiries
Should you have any questions regarding this statement or processing of your personal data, you can contact us using the information provided in previous Clause (1) or contact our personal data processing officer by writing to e-mail info@proks.com.
3. General description of the personal data processing performed by us
This statement describes how we process personal data of our customers, customer representatives/contact persons, participants of draws and lotteries, cooperation partners, website visitors and other persons data of whom may become in our possession.
We assume that before using our website or becoming our customer you have read this statement and you have accepted terms and conditions thereof. This is an updated version of the statement. We reserve a right to make amendments and update this notice as needed.
The purpose of this statement is to give you a general outline of our personal data processing operations and purposes, nevertheless, be noted that additional information about processing of your personal data may be provided in other documents (such as service agreements, cooperation agreements, rules of lottery, terms of using the website or portal).
Please be noted that terms and conditions of personal data processing covered by this statement apply only to processing of data of natural persons.
We are aware that you value your personal data and therefore we undertake to process them in line with the privacy requirements and we will take care of the safety of your personal data.
4. What are the purposes for your personal data processing and what is the legal basis for personal data processing?
We will process your personal data only in compliance with pre-defined legal purposes, including:
a) To start and provide services, and to perform and ensure obligations (incl. from cooperation contract) –
For this purpose, we would need to identify you, in order to ensure proper payment calculation and ensure payment process, contact you about provision of services and/or performance of contract in relevant matters (incl. sending of invoices), to enforce outstanding payments as the case may be.
For this purpose and subordinated purposes as stated before, we might require at least the following personal data: name, surname, personal code, address (objects address, postal address, billing address), bank account; phone number, address (postal address, billing address), e-mail address of a customer, contact person of customer and/or cooperation partner.
Main legal reasons for achieving said goals:
- Entering into an agreement with data subject and performance thereof (Article [1] 6(1)(b) of the General Data Protection Regulation);
- Fulfillment of legal obligations (Article 6(1)(c) of the General Data Protection Regulation);
- Legitimate interests of Data Controller (Article 6(1)(f) of the General Data Protection Regulation), for example, identification of you as the customer, contact person of customer and/or cooperation partner, ensuring communication with you.
b) Meeting the requirements stated in the regulatory enactments regarding service provision or requirements laid down in other regulatory enactments
For this purpose, we would need to meet the requirements of both regulatory enactments and law on accounting, law on archive and requirements from other regulatory enactments.
For this purpose, we might need to process the following personal data: Name, surname, personal code, address, object’s address, number of declared residents in the address, e-mail address, telephone number, gender, birth data, areas of interest (garden, cars, children, pets, leasing purchases), number of personal ID document, name of the place of work, position, years of service, net salary of a customer, contact person of a customer and/or cooperation partner.
Main legal reasons for achieving said goals:
Performance of legal obligations (Article 6(1)(c) of the General Data Protection Regulation).
c) Provision of marketing activities
For this purpose, we could send you marketing information and ensure your participation in lotteries and/or draws organized by us, as well as publish materials from the public events organized by us.
For this purpose, we might need to process at least the following personal data: Name, surname, telephone number, e-mail address, gender, date of birth, areas of interest (garden, cars, children, pets, leasing purchases) of customer, contact person of a customer and/or cooperation partner.
Main legal reasons for achieving said goals:
- Data subject consent (Article 6(1)(a) of the General Data Protection Regulation);
- Entering into an agreement with data subject and performance thereof (Article 6(1)(b) of the General Data Protection Regulation);
– Legitimate interests of Data Controller (Article 6(1)(f) of the General Data Protection Regulation), for example, to ensure communication.
d) Prevention of risks to safety and property interest and ensuring our substantial legitimate interests or those of third parties
For this purpose, we would need to ensure video surveillance in our territory, buildings and other properties, record telephone calls, use personal data processors for various functions, and where needed, to disclose information to courts and other public institutions, to exchange information inside the group of companies, to exercise rights granted under the regulatory enactments to ensure one’s legitimate interests.
For this purpose, we might need to process the following personal data: Name, surname, personal code, object’s address, number of declared residents in the address, person’s look (image), location and time, and other data of customer, contact person of customer and/or cooperation partner.
Main legal reasons for achieving said goals:
Legitimate interests of Data Controller (Article 6(1)(f) of the General Data Protection Regulation), for example, to ensure debt recovery for the purposes of money laundering identification.
e) To ensure proper provision of services
For this purpose, we would need to maintain and improve technical systems and IT infrastructure, use of technical and organizational solutions which could involve also your personal data (for example by using cookies) to ensure adequate provision of services.
Main legal reasons for achieving said goals:
Legitimate interests of data controller (Article 6(1)(f) of the General Data Protection Regulation).
5. Who can access your personal data?
We took appropriate measures to process your personal data according to the applicable law and prevent third parties from accessing your personal data where they have no legal basis for processing your personal data.
As required, your personal data could be accessed by:
- Our employees or directly authorized persons who need it for their job duties;
- Personal data processors according the services they provide and only to an extent necessary, for example, auditors, financial management and legal counsels, developer/technical maintenance provider of data base, other persons related to provision of controller’s service;
- State and municipal establishments in cases laid down in the regulatory enactments, for example, law enforcement establishments, tax administration offices, sworn bailiffs;
- Third persons by evaluating carefully if such transfer of data have adequate legal basis, for example, debt collectors, court establishments, extrajudicial dispute settling institutions, bankruptcy or insolvency administrators, third parties maintaining the registers (for example, population register, debtor register and other registers).
6. Which cooperation partners or personal data processors do we chose for personal data processing?
We take appropriate measures to ensure your personal data processing, protection and transfer to data processors in compliance with the applicable laws and regulations. We choose personal data processors carefully and by performing data transfer we evaluate a need for it and amount of data to be transferred. Data transfer to the processors is carried out in line with the requirements of personal data privacy and safe processing.
Currently we can cooperate with the following categories of personal data processors:
- Outsourced accountants, auditors, financial management and legal counsels;
- Owner / developer / technical maintenance provider of IT infrastructure;
- Other persons related to provision of our services;
Personal data processors may change from time to time, and we will make relevant amendments to this document.
7. Are your personal data sent outside countries of the European Union (EU) or European Economic Area (EEA)?
We do not transfer data to countries outside the European Union or European Economic Area.
8. For how long will we store your personal data?
Your personal data will be stored as long as necessary for the purposes of personal data processing, and also according to applicable laws and regulations.
When evaluating the duration of storing the personal data, we consider applicable laws and regulations, performance of contractual liabilities, your instructions (for example, in case of a consent), as well as our legitimate interests. If your personal data are no longer needed for the defined goals, we will delete or destroy them.
Below we indicate the most common terms for personal data storage:
- Personal data required for performance of contractual obligations – we will store them until the contract is performed and other storage terms expire (see below);
- We will store personal data that must be stored as per regulatory enactments in time-frames stated in relevant laws and regulations, for example, the Law On Accounting stipulates that supporting documents must be kept until they are required for identification of the beginning and end of each economic transaction, but not less than 5 years;
- We will store data to prove that we have met our obligations for general prescription period of the claim, according to the statutory prescription periods – 10 years according to the Civil Law, 3 years in the Commercial Law and other periods, considering also terms laid down in the Civil Procedure Law for filing claims.
9. What your rights as a data subject regarding your personal data processing are?
Updating of personal data
In case of changes in your personal data that you have provided to us, for example, changes in your personal code, contact address, telephone number or e-mail, please contact us and provide us with the updated data so that we can achieve the necessary goals of personal data processing.
Your rights to access your personal data and edit them
According to provisions of the General Data Protection Regulation, you are entitled to access your personal data in our possession, request their editing, deletion, processing restriction, object their processing, and rights to data portability according to cases and procedure laid down in the General Data Protection Regulation.
The Company respects your rights to access your personal data and control them, therefore if we receive your request we will reply to it within the time-frame laid down in regulatory enactments (typically not later than within one month, unless there is a special request that takes longer time to prepare an answer) and, if possible, we will edit or delete your personal data respectively.
You can obtain information about your personal data in our possession or implement your data subject rights in one of the following ways:
- By filing a relevant application in person and identifying yourself in our office situated at: Rīga, G.Astras iela 8b, regular working days between 10-16;
- By sending a relevant application to our mail at following address: Riga, G.Astras 8b, LV1082, PROKS SIA
- By sending a relevant application to our e-mail: info@proks.com, preferably signed with a safe digital signature.
Upon receiving your application, we will review its content and a possibility to identify you, and depending on the situation we will reserve a right to ask for additional identification to ensure your data safety and disclosure to relevant person.
Revocation of consent
If your personal data processing is based on the consent you have provided, you are entitled to revoke it any time and we will discontinue processing of your personal data which were previously processed on the basis of your consent. However, we inform that revocation of consent will not affect personal data processing which requires statutory compliance, or which is based on a contract, our legitimate interests or other basis for data processing as stated in laws and regulations.
You can also object your personal data processing if personal data processing is based on legitimate interests or are used for marketing purposes (for example, sending of commercial information or participation in draws).
10. Where can you file a complaint about issues related to personal data processing?
If you have any issues or objections regarding personal data processing by us, please contact us first.
However, if you believe that we have not managed to mutually solve our problem and you believe that we violate your rights to personal data protection, you are entitled to file a complaint to the Data State Inspectorate. You can find application templates for State Data Inspectorate and other related information on the State Data Inspectorate website.
11. Why should you submit us your personal data?
We mainly collect your information to perform the undertaken contractual liabilities, perform legal obligations binding on us and to pursue our legitimate interests. In these cases, we need to acquire certain information to achieve relevant goals, therefore a failure to provide such information may endanger starting a business relationship or performance of a contract. If data are not mandatory but submission thereof would help improve the service or offer you advantageous contractual conditions and/or offers, we will notify before collecting the data that provision thereof is voluntary.
Furthermore, we want to inform you about the main requirements of laws and regulations regarding processing of personal data:
The Law On Accounting requests to provide the following personal data in an economic transaction document (contract), participant of which is a natural person: name, surname, personal code (if person has it), person’s address or, if none specified, declared place of residence.
12. How do we collect your personal data?
We can collect your personal data in one of the following ways:
- By entering into a bilateral contract, acquiring your data personally from you;
- If a contract is signed with third party and it has indicated you as a contact person;
- From you if you submit to us any applications, e-mails, call us;
- From you if you apply for our services online:
- From you when you log in the website www.e-proks.lv or www.tehnoland.lv
- Website www.tehnoland.lv, proks.com through cookies
- In some cases from databases of third persons, for example, when assessing your creditworthiness, we can collect data from third persons to achieve this goal;
- In relevant cases, from video surveillance records;
13. Are your personal data used for automated decision-making?
We will not use your data for automated decision-making.
[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)