JOINT STOCK COMPANY “SAKRET HOLDINGS”
AND ITS GROUP OF COMPANIES WITH LIMITED LIABILITY “SAKRET” AND SIA “SAKRET PLUS”
Personal data is processed in compliance with the laws and regulations in force in the Republic of Latvia, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free circulation of such data and which repeals Directive 95/46/EC (General Data protection regulation) (hereinafter – the Regulation), as well as other regulatory acts in the field of privacy and personal data processing.
- GENERAL TERMS
1.3. Terms and abbreviations used:
1.3.1. SAKRET – AS “SAKRET HOLDINGS”, unified registration no. 40103251030;
1.3.3. Manager – a company of the SAKRET group to which a natural person (data subject) has submitted his personal data. The manager processes personal data and determines the purposes and means of processing, as well as is responsible for the processing of personal data in accordance with the requirements set forth in regulatory acts.
1.3.4. Data subject – a natural person who can be directly or indirectly identified and whose personal data is at the Manager’s disposal (for example, an employee, applicant, customer, authorized representative, contact person, and other persons not listed here).
1.3.5. Personal data – any information that directly or indirectly refers to an identified or identifiable natural person (Data subject).
1.3.6. Personal data processing – any activity performed with Personal data (for example, data collection, recording, storage, modification, access provision, request, transfer, copying, deletion, etc.)
1.3.7. Consent – any freely given, specific, conscious and unambiguous expression of the Data Subject’s will, with which the Data Subject expresses consent to the processing of his Personal Data for a specific purpose.
1.3.8. Website – sakret.lv
1.4. The Manager of personal data is the SAKRET group company that has the Personal Data of the Data Subject at its disposal. Personal data is processed by the Personal Data Managers:
1.4.1. Joint-stock company “SAKRET HOLDINGS” – Reg. No. 40103251030, legal address: Ropažu district, Stopiņu parish, Rumbula, “Ritvari”, LV-2121, e-mail address [email protected].
1.4.2. Limited liability company “SAKRET” – Reg. No. 40003622109, legal address: Ropažu district, Stopiņu parish, Rumbula, “Ritvari”, LV-2121, e-mail address [email protected].
1.4.3. SIA “SAKRET PLUS” – Reg. No. 40003749392, legal address: Ropažu district, Stopiņu parish, Rumbula, “Ritvari”, LV-2121, e-mail address [email protected].
- SOURCES OF PERSONAL DATA COLLECTION
2.1. The Manager can receive personal data in various ways, for example:
2.1.1. The data subject himself submits his personal data, for example, buys goods and/or services, requests information or submits an application for consideration of a specific question or request, visits the company’s territory and/or premises, etc.
2.1.2. Personal data is obtained when the Data subject visits the Internet site, the Data subject fills in the contact form, leaves his contact information, etc. on the Internet site, including social networks.
2.1.3. Personal data is obtained from other sources, such as publicly available registers of the recruitment company, law enforcement authorities, etc.
- PURPOSES OF PERSONAL DATA PROCESSING
3.1. The Manager processes Personal Data only for specific and necessary purposes, based on certain legal grounds, including our legitimate interests, for example:
3.1.1. conclusion and execution of the contract for the sale of goods/service provision/delivery; maintaining contact information, ensuring communication with the client; tax accounting and control of contributions. For this purpose, the Manager processes the following Personal data: name, surname; personal contact information (phone number, e-mail address); residential address (for VAT invoice); billing data (if the service is provided to the company by a natural person);
3.1.2. Administering the selection of candidates (Curriculum Vitae (CV)) for vacancies. For this purpose, the Manager processes the following Personal data: name, surname; date of birth (age); place of residence; personal contact information (phone number, e-mail address); information about the candidate’s education (educational institution, study period, education/qualification); information about the candidate’s additional education (training, courses, seminars, obtained certificates, etc.); information about the candidate’s work experience (workplace, length of service, work duties); information on language skills, driving experience, other information provided by the candidate in his CV, application letter or other documents attached to the application; recommendations, reviews (contact persons, content of recommendations or reviews).
3.1.3. Debt management. For this purpose, the Manager processes the following Personal data: name, surname; personal identification number/date of birth; payment history; address; other debt-related information.
3.1.4. Administration of applications, comments and complaints. For this purpose, the Manager processes the following Personal data: name; personal contact information (phone number, e-mail address); the content of the application, comment or complaint.
3.1.5. Ensuring the safety of our employees and other Data Subjects, prevention and detection of criminal offenses in connection with the protection of property (video surveillance). For this purpose, the Manager processes the following Personal Data: Picture. Face recognition and (or) analysis technologies are not used in video surveillance systems, with their help the recorded video data are not grouped or profiled according to a specific data subject (person). The Data Subject is informed about the video surveillance to be carried out by means of informative signs with a video camera symbol and the Manager’s details, which are installed before entering the monitored territory and (or) room. The video surveillance field does not include premises where the Data Subject expects complete confidentiality of Personal Data.
3.1.6. For other purposes. The Manager is entitled to process Personal Data for other purposes as well, (i) if the Data Subject has given Consent, (ii) Personal Data must be processed for the legitimate interests of the Manager, (iii) the Manager is obliged to process Personal Data in accordance with regulatory enactments.
3.2. In any of the mentioned cases, the Manager processes Personal Data in a proportionate and necessary, sufficient amount and only to the extent that the specific purpose of Data Processing allows it.
- DURATION OF STORAGE OF PERSONAL DATA
4.1. The Manager does not store personal data longer than is necessary for the purpose of data processing or longer than it is stipulated in external regulatory acts. The Manager stores and processes the personal data of the Data Subjects as long as at least one of the following conditions exists:
4.1.1. as long as there is an obligation to store data defined in external regulatory enactments, for example, when fulfilling the obligations defined in regulatory enactments regarding bookkeeping;
4.1.2. while the contract concluded with the Data Subject is valid;
4.1.3. while the Manager realizes his legitimate interests (for example, consideration of claims, protection of rights, resolution of issues, maintenance of claims in court or observance of statute of limitations, etc.);
4.1.4. video surveillance data is stored no longer than 30 (thirty) days after its recording. After the above-mentioned term, the relevant data is deleted, except for cases when a specific video recording has been requested by the law enforcement authority for the investigation of criminal offenses during its storage period, or when recording signs of a criminal offense, the Manager or the Manager’s employees have threatened the health, life or property, the relevant recording has been separately preserved as evidence, which can be used to protect the Manager’s rights and interests in accordance with the procedure specified in regulatory acts.
- TRANSFER/DISCLOSURE OF PERSONAL DATA
5.1. The Manager ensures the confidentiality of Personal data, in accordance with the requirements of the applicable laws and regulations and the implementation of appropriate technical and organizational measures to protect Personal data from illegal access, disclosure, accidental loss, modification, destruction or other illegal processing.
5.2. The Manager is entitled to transfer personal data to its personal data processors who provide certain services to the Manager. The Data Processor receives from the Manager only such amount of Personal Data as is necessary for the performance of a specific task or provision of a specific service. The Data Processor processes Personal Data only in accordance with the Manager’s instructions and does not use them for other purposes. The Manager cooperates only with processors that provide sufficient guarantees that appropriate technical and organizational measures will be implemented, that the processing will comply with the requirements of the Regulation and that the rights of the Data Subject will be protected.
5.3. Personal data may be transferred to law enforcement authorities, other state and local government authorities, based on a written request and/or an obligation imposed on the Controller in regulatory acts.
- RIGHTS OF THE DATA SUBJECT
6.1. The data subject has the right to receive the information specified in the regulatory acts in connection with the processing of his data, including the right to request the Manager to access his personal data, as well as to request their addition, correction or deletion (the right “to be forgotten”), or the restriction of processing in relation to the Data the subject, or the right to object to processing, the right to data portability, as well as to file a complaint with the data protection monitoring institution (Data State Inspectorate (www.dvi.gov.lv) regarding the use of Personal data, if the Data Subject believes that its rights and interests have been violated in accordance with the laws and regulations applicable to the protection of personal data.
6.2. The data subject can submit a request to the Manager for the exercise of his rights:
6.2.1. in written form by appearing in person at the Manager’s legal address (clause 1.4);
6.2.2. using e-mail – by signing a letter with a secure electronic signature and sending it to the Manager’s e-mail address specified in point 1.4 of this policy;
6.2.3. by sending a written letter to the Manager at its legal address.
6.3. Upon receiving the Data subject’s request, the Manager verifies the identity of the Data subject, evaluates the request and fulfils it in accordance with the regulatory enactments. In order for the Data Subject to receive information about himself, the Manager will need to identify the Data Subject, as the Manager cannot provide information to a person without making sure that the information is provided directly to the Data Subject. Depending on each specific situation, the Manager may ask the Data Subject to prove his identity with a personal identification document.
6.4. The data subject has the right to receive free of charge information about his/her personal data being processed.
6.5. The receipt and/or use of information about oneself may be limited in order to prevent adverse effects on the rights and freedoms of other persons (including employees of SAKRET group companies) or in cases where the provision of data is prohibited by external regulatory acts.
6.6. If the information requests are manifestly unfounded or excessive, in particular due to their regular recurrence, the Manager may either: a) request a reasonable fee, taking into account the administrative costs associated with providing information or communication or performing the requested action, or b) refuse to comply request.
6.7. In the request for receiving video surveillance data, the Data Subject shall also indicate:
6.7.1. the date, time and place when the video material was taken;
6.7.2. description of the situation or events (in which video surveillance data of the Data subject is recorded);
6.7.3. A description of the visual image of the Data Subject, which includes information about the clothing and belongings that were with the Data Subject and the specific location of the Data Subject at the time the video material was taken;
6.7.4. other information that is essential for identifying the requested data.
6.8. The Manager reserves the right not to release the material obtained during video surveillance in cases where such release of data would affect other data subjects and there would be no technical possibility to release information without infringing the rights of other data subjects; require an excessive commitment of time, personnel or financial resources due to their size or complexity.
- WEBSITE VISITS AND COOKIES
- OTHER TERMS