SIA “GB Engineering” (hereinafter – the Service Provider), when processing personal data, complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation), as well as other requirements of regulatory enactments in force in Latvia and the European Union.
This Privacy Statement explains how the Service Provider processes personal data, the procedures for exercising the data subject’s rights and issues related to the protection of personal data. The Service Provider’s Privacy statesman applies to all processing of personal data by the Service Provider.
How the Service Provider uses the collected information and personal data
The purposes of the personal data processing of the Service Provider are related to the provision of the busines.
The controller processes personal data mainly for the following purposes:
- customer identification;
- preparation and conclusion of the contract;
- provision / maintenance of services;
- improvement of services and development of new services;
- customer service;
- review and processing of objections / claims;
- settlement administration.
The service provider shall process personal data for the above purposes only if there is a legal basis for doing so in accordance with articles 6 and / or 9 of General Data Protection Regulation.
Legal basis for personal data processing
The service provider processes customers’ personal data on the following legal grounds:
- for concluding and executing a contract – to enter into a contract upon the client’s application and ensure its execution;
- compliance with regulatory enactments – in order to fulfill the obligation specified in external regulatory enactments binding to the Service Provider;
- in accordance with the client’s free and explicit consent.
How the Service Provider processes, protects and stores the user’s personal data
The Service Provider uses various technical and organizational security measures to protect the user’s personal data. The user’s personal data is stored securely and is available to a limited number of people, only authorized persons who need this information in the course of their duties.
Recipients of the user’s personal data are the Service Provider and its authorized persons, processors, law enforcement or supervisory authorities, as well as the court in the cases and in accordance with the procedures specified in regulatory enactments.
The following criteria are used to determine the period of storage of personal data:
- while the user or the Service Provider may realize his or her legitimate interests in accordance with the procedures specified in external regulatory enactments (for example, review of claims, protection of rights, resolution of issues, bringing a claim to court, etc.);
- as long as there is a legal obligation for either party to retain the data;
- as long as the processing of personal data is necessary for the purpose.
Once the above criteria are not applicable to the processing of personal data, the user’s personal data will be deleted.
What are the user’s rights?
Right to information. At the request of the user, the Service Provider shall provide information on the processing of his personal data by the Service Provider in a concise, transparent, and comprehensible manner, using clear and simple language.
The right to access your personal data. At the request of the user, the Service Provider provides information on whether personal data is / is not processed, as well as in case if personal data is processed – provides information on the set of processed personal data.
Right to rectify data. Based on a reasonable request of the user, the Service Provider ensures the correction of the user’s personal data if they are inappropriate, incomplete, or incorrect.
Right to data portability. The service provider shall provide the user with the possibility to receive his personal data provided by the user and processed on the basis of consent and performance of the contract in writing or in one of the most commonly used electronic formats, if possible, to transfer such data to another service provider.
Right of erasure (right to be “forgotten”). The User has the right to request and the Service Provider is obliged to delete personal data without undue delay if the personal data is no longer necessary or usable for the purposes for which they were collected and processed, if the user has withdrawn his consent to personal data processing and no other legal basis for processing, if the user has objected to the processing of personal data and after re-evaluation of legitimate interests, the Service Provider acknowledges that there is no legal basis for data processing, personal data is deleted in accordance with the requirements of regulatory enactments.
Right to restrict processing. The user has the right to request a temporary restriction of personal data processing in accordance with regulatory enactments, in cases where the user has established inaccuracies in his / her personal data and the Service Provider needs time to check the accuracy of the data.
Right to object. The user has the right to object to the processing of his personal data if the processing is related to profiling for direct marketing purposes or is based on the legitimate interests of the Service Provider and the user questions this legal basis.
The right to automated individual decision-making. The data subject has the right not to be subject to fully automated decision-making, including profiling, if such decision-making has legal consequences or similarly significantly affects it.
Right to withdraw consent. The user’s has the right to withdraw his/ her consent given to the Service Provider for the processing of personal data.
The right to receive information about a personal data breach. The service provider shall, without undue delay, notify the user of a data breach in the processing of personal data, if the breach may pose a high risk to the user’s rights and freedoms.
The user has the right to submit complaints about the processing of personal data performed by the Service Provider to the Data State Inspectorate (www.dvi.gov.lv), if the user considers that the processing of personal data violates the user’s rights and freedoms in accordance with applicable laws and regulations.
Communication with the user
In matters related to the processing of personal data, the user may contact Service Provider by writing to e-mail [email protected] or sending his question to the legal address of the Service Provider Rožu iela 7, Rožupe, Rožupes pagasts, Līvānu novads, Latvija, LV-5327, marked “Data Protection Specialist”.
The Service Provider evaluates and executes the user’s requests related to the exercise of data subject rights within one month from the moment of receiving the request.
The Service Provider has the right to unilaterally make additions to the Privacy Statement by posting the current version on the Service Provider’s website. The Service Provider retains previous versions of the policy and they are available to visitors to the Service Provider’s website.