We would like to draw your attention to the fact that the Policy may be amended, supplemented, updated, of which we will inform you by posting this information on our website.
We respect your privacy, so the security of your personal data is our priority. We use appropriate organizational and technical means to ensure the continued security of your personal data and the compliance of data processing with the requirements of data protection laws and regulations, as well as our internal regulations.
We comply with the requirements of personal data protection legislation and take care in every data processing process to collect only the information necessary to achieve the purposes set out in this Policy.
The Policy applies to:
1. Natural persons – recipients of services of SIA EKO NAMS, including potential, former and current recipients;
2. Employees of SIA EKO NAMS;
3. Employees of various service providers that provide services to SIA EKO NAMS;
4. Submitters and recipients of correspondence with SIA EKO NAMS;
5. Visitors to the website managed by SIA EKO NAMS.
I. Data Controller and Their Contact Details
The controller of personal data processing is Limited Liability Company EKO NAMS, hereinafter referred to as the Company.
Registered office: Sergeja Eizenšteina iela 53 – 53, Riga, LV-1079, Latvia
E-mail: firstname.lastname@example.org; Phone: +37129214317
II. The Purposes of Personal Data Processing
2.1. The purposes of personal data processing are as follows:
2.1.1. For the provision and administration of log building production, delivery and installation services:
- for customer identification;
- for placing and executing orders;
- for preparation, conclusion and execution of contracts with customers;
- for meeting accounting requirements;
- for settlement administration;
- for debt collection from debtors;
- for reviewing customer objections and quality control purposes.
2.1.2. For the provision of information to public administration institutions and subjects of operational activities in the cases and to the extent specified in external regulatory enactments;
2.1.3. Personnel management, including personnel selection; conclusion and execution of employment contracts; working time accounting; ensuring the calculation of wages and the payment of wages; fulfilment of accounting requirements (execution of relevant source documents, execution of a business trip); provision of social benefits for employees (involvement of cooperation partners so that employees receive insurance); recording and control of the performance of work duties;
2.1.4. Fulfilment of the requirements of regulatory enactments when providing log building production services;
2.1.5. Implementation of the legitimate interests of the Company and its customers: improvement of services, development of new services;
2.1.6. For the maintenance and improvement of websites;
2.1.7. For performing record keeping functions (receiving an application / e-mail / request, registering, sending a reply, etc.);
2.1.8. Processing of the received application / e-mail / request and preparation of the response.
III. The Legal Basis for Personal Data Processing
3.1. The Company processes your personal data on the basis of the following legal bases:
3.1.1. Assessment of the working capacity of the employee (Article 9(2)(h) of the Regulation);
3.1.2. With the consent of the data subject (Article 6(1)(a) of the Regulation);
3.1.3. In cases where the processing is necessary for the pursuit or defense of the Company’s legitimate interests before a court (Articles 6(1)(f) and 9(2)(f) of the Regulation);
3.1.4. In cases where the processing is necessary to secure the Company’s legitimate interests (to organize the efficient provision of services, to receive payment for the services provided) (Article 6(1)(f) of the Regulation);
3.1.5. In cases where processing is necessary for the performance of a contract to which the data subject (employee, customer) is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the Regulation);
3.1.6. For archiving purposes in the public interest or for statistical purposes (Article 6(1)(e) of the Regulation);
3.1.7. Processing is necessary for compliance with a legal obligation to which the Company is subject (Article 6(1)(c) of the Regulation).
IV. Amount of Personal Data to Be Processed
4.1. The categories of personal data processed by the Company depend on the purposes and type of data processing:
|Purpose of personal data processing||Personal data|
|Provision and administration of log building production, delivery and installation services||Name, surname, personal identity number (other personal identification number), declared or actual address of residence, bank account information and contact information (phone number, email address), order information (service description, number, frequency, volume, place of supply), contract number, contract registration date, settlement information (invoice number, date, amount, invoice receipt method, payment date, debt amount, debt recovery / collection information.|
|Personnel selection||All information included in the CV submitted by the candidate, as well as information obtained from persons who have provided references on the candidate based on their consent. In case the candidate is invited for a job interview, the information provided during the job interview, the completed tests and other tasks.|
Employee’s name, surname, personal identity number, address, phone number, email address, position, salary, hours worked, bank account number, periods of sick leave, number of children and their years of birth, work experience, information on education and qualifications, language skills, and other information containing personal data related to personnel management and information provided in the candidate’s CV. Employment and career history, health information (compulsory health check data), training, ethical violations, etc.
|Performing the record keeping function||
As part of receiving, processing an application, request, email and sending a reply: Name, surname, personal identity number, address, age, gender, date of birth, email address and other information that the data subject indicates in their application / attaches thereto.
|Prevention and detection of criminal offenses relating to the protection of property, ensuring order and security in a building and territory||Image of natural persons, appearance, visually recorded behavior / movements, place of recording of person’s image (room, location of camera), time of recording of person’s image (date, time, start and end of recording).|
4.1.1. When a data subject receives log building production, delivery and installation services, in accordance with the requirements of regulatory enactments, the Company is obliged to process the information identifying the data subject and information related to the volume / amount of services used;
4.1.2. When communicating with the Company in writing, the content and time of the communication may be saved, as well as information about the communication tool used (email address, phone number, etc., address information specified in the e-registration system);
The Company may store and process the following types of your personal data for data processing purposes:
|Categories of personal data||Examples|
|Identification data||Name, surname, personal identity number, date of birth, data of the identity document.|
|Contact information||Declared address of residence, phone number, email addresses, etc.|
Identifying information; information related to the service used – frequency, type, amount, number, etc.
Name, surname, position, information about the specialist’s education, achievements, work invested in the respective specialty, reports, correspondence, etc. Employment and career history, health information, compulsory health check data, training, ethical violations, etc.
|Financial data||Bank account number, waybills, salary or remuneration amount, other payment data on the Company service used.|
|Management function data||Applications, agreements, orders, etc.|
4.2. As part of the provision of services, the Company may obtain additional information from the Data Subject and other third parties that are necessary solely to provide the service in the highest quality.
4.3. Specific amount of information depends on the specifics of the respective service to be provided, the purpose of data processing and the applicable regulatory enactments that regulate the conditions for the provision of the service.
V. Categories of Recipients of Personal Data
5.1. Categories of recipients of personal data: data subject, the Company and its authorized employees and processors, state and local government institutions in cases specified in regulatory enactments, law enforcement and supervisory authorities, courts.
5.2. Your data may be transferred to your relatives only with your authorization and consent.
5.3. In order to ensure the safety of the Company’s rights, employees, third parties and property, data may also be transferred to other competent institutions or law enforcement authorities, but only if it is necessary in accordance with applicable laws and regulations, in the cases and in accordance with the procedures specified in these laws and regulations.
5.4. The data processors involved by the Company may process your personal data only according to our instructions and may not use them for other purposes or transfer them to other persons without our consent. Such persons may include database software maintainers, database administration service providers, data center maintenance providers, and cloud computing service providers. In each case, we provide data processors only with the amount of data necessary to perform a specific task or provide specific services. In addition, they must ensure the protection of your data in accordance with the requirements of applicable laws and regulations and the written agreement concluded with us, which provides, among other things, for the permanent deletion of any of your data after the performance of the task assigned by us or termination of cooperation.
VI. Transfer of Personal Data to a Third Country or to an International Organization and Automated Decision Making
6.1. The Company does not intend to send personal data to third countries or international organizations.
6.2. Automated decision making is not performed in the Company.
VII. Rights of the Data Subject
7.1. You have the right to receive our confirmation as to whether we process your personal data, as well as the right to access your personal data that we process, information about the purposes of data processing, the category of data processed, the category of data recipients, the data processing period, data sources, as well as their meaning and consequences.
7.1.1. We provide most of this information to you in this Policy.
7.1.2. If the information provided in this Policy is not sufficient for you, you can always contact us using the contact information provided in Paragraph 1 of this Policy.
7.2. If the data at our disposal has changed or you see that the information we process about you is inaccurate or incorrect, you have the right to request that this information be changed, clarified or corrected.
7.3. In cases where we process your data on the basis of your consent, you have the right to withdraw your consent at any time, and the processing of data based on your consent will be terminated. Such processing will not be interrupted if it is required by law or an order of the competent authority or if the nature of the processing makes this impossible.
7.4. In any situation, we may keep your consent and proof of it for a longer period, if it is necessary to be able to protect our rights in connection with claims and complaints against us.
7.5. If you believe that we are processing your data in violation of the requirements of personal data protection legislation, we invite you to contact us directly.
7.6. If you are not satisfied with our answer and justification or you do not consider that we are taking the necessary measures, you have the right to lodge a complaint with the supervisory authority, which is the Data State Inspectorate in the Republic of Latvia (www.dvi.gov.lv/; Blaumaņa iela 11/13-15, Riga, LV-1011).
7.7. You have the right to object to the processing of personal data if the personal data is processed on the basis of our legitimate interests.
7.8. If there are appropriate circumstances referred to in the personal data processing legislation, for example, if personal data is processed illegally, the legal basis for data processing is lost, you have the right to request that we delete your personal data. If you wish to exercise this right, please submit a written request to us.
7.9. In the event that the personal data we process is used for other purposes mentioned in this Policy and the legal basis for their processing is not consent, we may retain the relevant information to ensure that other purposes are achieved.
7.10. If there are relevant circumstances referred to in the data processing laws and regulations, for example, if the personal data is processed illegally, you question the accuracy of the data, you file objections to data processing based on our legitimate interests, you have the right to restrict your data processing.
7.11. You have the right to request portability of the data that you have submitted to us in electronic form. Upon receipt of your request for data portability, we will ensure the exercise of your rights by issuing the data in a widely used and computer readable format or by sending your requested data in electronic form to the addressee of your choice, following the information provided in your request.
7.12. In an effort to protect the personal data of all our data subjects from unauthorized disclosure, we will need to verify your identity when we receive your request for data or in order to exercise your other rights. For this purpose, we may ask you to present an identity document, as well as, if the request concerns the person you legally represent – birth certificate, power of attorney or other proof of representation, unless the situation allows you to comply with your request without such verification. If you do not prove your identity and / or representation, we will reject the request you submitted.
7.13. Upon confirmation that you are entitled to fulfilment of your request, we undertake to provide you with information on the progress of the fulfilment of your request without delay, but no later than one month after the receipt of your request and the end of the verification procedure.
7.14. If your request is made by electronic means, we will also provide you with a reply by electronic means, unless this is not possible, for example due to the large amount of information or if you ask us to reply in another way.
7.15. If we are forced to reject your request due to the circumstances specified in the regulatory enactments, we will inform you in writing about the refusal, duly substantiating it.
7.16. If the reply is sent by mail, it shall be addressed to the data subject (the person whose personal data is requested) and sent as a registered letter. If the reply is provided electronically, it shall be signed with a secure electronic signature (if the application has been submitted with a secure electronic signature).
7.17. The data subject has the right to receive free of charge one copy of their personal data processed by the Company. The receipt and / or use of such information may be restricted in order to prevent adverse effects on the rights and freedoms of others (including the Company’s employees).
VIII. Security of Personal Data
8.1. We use a variety of security technologies and procedures to protect your personal data from unauthorized access, use or disclosure. Personal data is available only to those persons who need it for the performance of their duties and only to the extent necessary. All persons who have access to health and genetic data have signed non-disclosure agreements and are informed about personal data protection rules and receive regular training.
8.2. The service providers we choose are carefully selected, and we require them to use appropriate means to protect the confidentiality of your data and ensure the security of your personal information. However, if the information is transmitted over the Internet or mobile communications, its security cannot be fully guaranteed, so you must independently assess the risks associated with the confidentiality of the information and bear it if you decide to provide us with any information in the ways specified.
IX. Storage of Personal Data
9.1. The Company shall store personal data in accordance with its nomenclature of cases for no longer than is necessary to achieve the relevant purpose of personal data processing.
9.2. When selecting the criteria for the storage of personal data, the Company shall take into account the following circumstances:
9.2.1. Whether the term of storage of personal data is determined or follows from the regulatory enactments of the Republic of Latvia and the European Union;
9.2.2. For what periods it is necessary to keep the relevant personal data in order to ensure the realization and protection of the legitimate interests of the Company or a third party;
9.2.3. Until the consent of the person to the processing of personal data has been revoked and there is no other legal basis for the processing of the data, for example, in order to fulfil the binding obligations of the Company.
9.3. When providing log building production, delivery and installation services, the Company complies with special regulatory enactments that determine its obligation to retain certain data. If you want to get detailed information, please contact the Company using the contact information above.
9.4. Records of incoming and outgoing communication (emails, letters) to ensure compliance with the Company’s legitimate interests will be kept for a period not exceeding five years, unless the communication in question reflects potentially unlawful conduct or conduct likely to assist the Company or third parties to safeguard their legal interests. In this case, the document in question may be kept until the legal interest has been secured.
9.5. Video recordings shall be kept for a maximum of 30 days (from the moment of making the recording) or until the securing of the legitimate interest, if they reflect an act or inactivity that may be the basis for pursuing the legitimate interest. In such cases, the relevant record is cut out and retained until the legitimate interest is pursued.
9.6. At the end of the storage period, personal data will be permanently deleted, unless there is an obligation to store them in accordance with regulatory enactments.
9.7. Your personal data specified in this Policy can only be stored for a prolonged period if:
9.7.1. It is necessary for us to be able to secure the protection of our rights in relation to claims, complaints or demands;
9.7.2. There are reasonable suspicions of illegal activities, which require an investigation;
9.7.3. Your data is necessary for proper handling of a dispute or complaint.
X. The Need to Provide Personal Data
The obtained personal data is used for the provision of the respective services and realization of the Company’s operations, to the extent necessary for it, in accordance with the requirements of regulatory enactments. In case personal data is not provided, the Company has no legal basis to provide the relevant service to the data subject.