developed according to requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
Curator and its contact information
Curator of processing of personal data is SIA Spikeru Nami (hereinafter referred to as the Company), unified registration No 40103620621, registered office: 1 Katlakalna Iela, Rīga, LV-1073.
Company’s contact information in matters related to processing of personal data is email@example.com.
By using this contact information or addressing the Company at the registered office, you can ask questions on processing of personal data. Request on use of your rights can be submitted according to the procedure provided herein.
Personal data is any information on identified or identifiable natural person – Data Subject, i. e., Company’s employee, customer, cooperation partner or its employee, job applicant.
Identifiable natural person (data subject) is a person that can be directly or indirectly identified, especially by referring to an identifier, e. g., the mentioned person’s name, surname, identification number, location data, online identifier or one or more physical, physiological, genetic, mental, economical, cultural or social identity factors characteristic of the mentioned natural person;
Company cares for privacy and protection of personal data of customers and cooperation partners, observes customers’ rights to lawfulness of processing of personal data according to applicable legal acts – laws of the Republic of Latvia and subordinated legal acts, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation) and other applicable legal acts in the field of privacy and data processing.
Purposes of processing of personal data
Company processes personal data for the following purposes:
Legal basis of processing of personal data
Company processes personal data of its employees, customers and cooperation partners, based on the following legal bases:
Processing of personal data
Processing of personal data is any activity or an aggregate of activities with personal data or an aggregate of personal data performed with or without automated means, e. g., collection, registration, organizing, structuring, storage, adaptation or transformation, recovery, examination, use, disclosure by sending, distributing or otherwise making available, coordination or combination, restriction, deletion or destruction.
Company performs processing of personal data of the data subject, strictly observing Data processing basic principles specified in Sec. 5 of the Regulation.
Company processes data of the data subject using both automated means and possibilities of modern technologies (electronic registers, websites) and without them, taking into account existing privacy risks and organizational, financial and technical resources reasonably available to the Company.
For high-quality and operative provision for performance of obligations under the contract concluded with the customer, Company may authorize Company group companies or its cooperation partners to perform individual goods delivery or service provision activities, e. g., performance of goods delivery works, performance of warranty service works, sending of invoices, etc.. If in performance of these tasks Company group companies or its cooperation partners process the customer’s personal data at the Company’s disposal, respective Company group companies or its cooperation partners are considered the Company’s data processing processors and the Company is entitled to submit the customer’s personal data to the Company group companies or its cooperation partners for performance of such works in such amount as is necessary for performance of these works.
Company’s cooperation partners and Company group companies (in the status of personal data processor) will provide for fulfilment of requirements of processing and protection of the data subject according to the Company’s references and legal acts, and will not use personal data for other purposes besides for fulfilment of obligations under the contract concluded with the customer at the Company’s task.
Protection of personal data
Company protects the Data Subject’s data by using possibilities of modern technologies, taking into account the existing privacy risks and organizational, financial and technical resources reasonably available to the Company, including by using the following safety measures:
Besides, Company is entitled to forbid to employees, cooperation partners and customers to process the Data Subject’s data without its special appointment.
Categories of personal data receivers
Company does not disclose to the third parties the customer’s personal data or any information obtained during provision of services and operation of contracts, except:
Access of subject of the third countries to personal data
Company’s personal data cannot be accessed in the third countries (i. e., in countries outside of the European Union and the European Economic Area) by existing developers or service providers (for the purpose of the Regulation – sending to the third countries) in the status of data processor (operator).
Length of storage of personal data
Company stores and processes personal data of employees, customers (also potential employees or customers, partners), until at least one of the following criteria exists:
When all mentioned conditions expire, personal data are deleted.
Access to personal data and other Data Subject’s rights
Data Subject is entitled to receive from the Company confirmation of whether personal data are or are not processes in respect of the Data Subject, and if they are, Data Subject is entitled to access respective data and receive about them information mentioned in Sec. 15 of the Regulation, i. e., is entitled to request access to his personal data, as well as to request to supplement, correct or delete them, or to restrict processing in respect of the customer, or is entitled to object to processing (including against data processing performed based on the Company’s lawful (legitimate) interests), as well as is entitled to data portability. These rights are realized, unless data processing results from the Company’s duties according to the valid normative acts, which are performed in public interests.
Data Subject may submit the request on use of his rights:
Having received the Data Subject’s request on use of his rights, Company ascertains the Data Subject’s identity, evaluates the request and fulfils it according to normative acts.
Company sends a response to the Data Subject by post to his specified contact address in a recorded letter, taking into account the Data Subject’s specified form of receipt of a response, if possible.
Company provides fulfilment of data processing and protection requirements according to normative acts, and in case of the Data Subject’s objections performs suitable activities to resolve the objection. However, if it fails, Data Subject is entitled to address the supervising institution – State Data Inspectorate, filing the respective complaint to it.
Communication with customers
Company performs communication with customers by using customers’ specified contact information (phone number, e-mail address, postal address, as well as by using text messages from service).
Company performs communication on fulfilment of contractual obligations of services on the basis of the concluded contract (e. g., information on invoices, planned works, changes in services, etc.).
Company performs communication on commercial notices on services of the Company and/or the third parties according to the external normative acts or the customer’s consent.
Consent to receipt of commercial notices of the Company and/or its cooperation partners may be given by the Customer to the Company by sending it to the Company’s e-mail firstname.lastname@example.org.
Customer’s given consent to receipt of commercial notices is valid until revocation (also after termination of the services contract). Customer may at any time refuse to receive further commercial notices in any of the following ways:
Company terminates sending of commercial notices as soon as the customer’s request to revoke the consent to commercial notices is processed.