good
SIA “ZAB Skrastiņš un Dzenis”, registration number 40203314489, legal address: Blaumaņa Street 10-4, Riga, LV-1011, website: www.skdz.lv (hereinafter – the Office), while providing legal assistance to its Clients can act both as a data controller and as a data processor.
The Office is a controller within the meaning of Article 4 (7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter – the Regulation) regarding any Personal Data of the Client that the Office has collected from the Client or regarding the Client, independently determining the purposes and means for the Processing of such Personal Data.
The Office is a processor within the meaning of Article 4 (8) of the Regulation regarding the Personal Data of a data subject that has been collected and provided by the Client to the Office for purposes related to the performance of the agreement for the provision of legal assistance (hereinafter – the Agreement) (e.g., Personal Data of other data subjects included in the documents provided by the Client). The Office shall process the Personal Data of other data subjects on behalf of the Client and in such a case, the Client shall certify that it has the authorization to provide other data subjects’ Personal Data to the Office and that the Personal Data of other data subjects have been collected and processed in accordance with the applicable data protection legislation. The Client shall be obliged to provide the Office with all necessary instructions for Processing Personal Data and to provide accurate and up-to-date Personal Data of other data subjects.
The privacy policy of the Office (hereinafter – Privacy Policy) provides information on how the Personal Data is processed by the Office when acting as controller within the meaning of the definition in Article 4 (7) of the Regulation.
This Privacy Policy is applicable when the Client visits Office’s premises, website, and/or uses, has used, or has expressed a desire to use legal Services provided by the Office, or if the Client is in any way associated with such Services, including before this Privacy Policy enters into force.
The Office implements and provides appropriate technical and organisational measures to ensure that the Client’s Personal Data Processing is consistent with the requirements of the regulatory enactments governing the Processing of Personal Data (including, but not limited to, the Regulation), and to protect Personal Data against unauthorised access, accidental or unlawful alteration, unauthorised disclosure of, loss, destruction, including implementing measures against risks arising from physical exposure and measures implemented by software means.
If the Client does not agree with the Privacy Policy or some of its terms, the Client shall not be required to provide Personal Data to the Office. In cases where the Client does not provide the Office with Personal Data necessary for the performance of the Agreement or Services, as well as for the performance of the obligations set out by law, the Office has a legal basis to refuse, in whole or in part, to provide the Services to the Client.
If the data provided by the Client has changed or if the Client’s information to be processed by the Office is inaccurate or incorrect, the Client has the right to request that information be changed, updated, or corrected. The Office does not assume responsibility for inaccurate, incomplete, or erroneous data submitted by the Client.
Processing – any operation or set of operations that is performed on Personal Data or sets of Personal Data, whether or not by automated means (including collection, use, recording, organisation, structuring, storage, alteration, disclosure, or other action-making Personal Data available, retrieval, destruction, etc.). The definition corresponds to the definition laid down in Article 4 (2) of the Regulation.
Office – SIA “ZAB Skrastiņš un Dzenis”, registration number: 40203314489, legal address: Blaumaņa street 10-4, Riga, LV-1011, website: www.skdz.lv, which acts as a Personal Data controller.
Client – any natural person (including a shareholder of a legal person, a member of the board, a representative of the company, or the true beneficiary) who visits the Office’s premises, website www.skdz.lv, and/or uses, has used, or has expressed a desire to use or relate to the Services provided by the Office.
Agreement – legal assistance agreement, concluded between the Office and the Client.
Services – provision of legal assistance to the Client.
Personal Data – any information regarding a natural person which, directly or indirectly, allows that person to be identified. The definition corresponds to the definition laid down in Article 4 (1) of the Regulation.
Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), in force from 25 May 2018.
AML law – Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing of the Republic of Latvia, in force from 13 August 2008.
The Office carries out the Client’s Personal Data Processing according to the following basis and purposes for the Personal Data Processing:
The categories and types of processed Personal Data | The legal basis for the Processing | The purposes of the Processing |
Identification data (name, surname; personal identity number of the Republic of Latvia (if any); date of birth); information regarding the passport or identity card (document number; date of issue; issuing authority; issuing State); contact details (address); information about the true beneficiary of the Client. If the true beneficiary is a resident of Latvia: name, surname; personal identity number; date of birth; nationality; country of residence.If the true beneficiary is a non-resident of Latvia: name, surname; date of birth; passport or identity card number and date of issue; State and institution that has issued the document; nationality; country of residence. | Processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller under Article 6 (1) (e) of the Regulation. | To comply with the requirements of Section 2, Paragraph two, and Section 13.1 of the Law on International Sanctions and National Sanctions of the Republic of Latvia, by examining the information in the register maintained by the Financial Intelligence Unit: https://sankcijas.fid.gov.lv and in the website of the Ministry of Foreign Affairs: https://www.mfa.gov.lv/lv/sankcijas, and to ensure considerate risk management and management of the economic activity of the Office, in accordance with the internal procedures of the Office (Annex to the rules of the Internal Control System, “Sanctions Questionnaire for Natural Persons”; Annex to the rules of the Internal Control System, “Sanctions Questionnaire for Legal Persons”). |
Identification data and research data: a personal identification document (copy) providing the following information: – for a resident – name, surname, personal identity number, date of birth, personal photo, number and date of issue of the identification document, state, and institution issuing the document;- for a non-resident – name, surname, personal identity number, date of birth, personal photo, number and date of issue of the identification document, state, and institution issuing the document; Personal Data indicated in the “know your client” questionnaire. If the Client is a resident of Latvia: name, surname; personal identity number; date of birth; declared place of residence; habitual residence (if different from the declared place of residence); telephone; e-mail; occupation; position. If the Client is a non-resident of Latvia: name, surname; personal identity number of the Republic of Latvia (if any); date of birth; information on the passport or identification card: number and date of issue of the identification document, state, and institution issuing the document; place of residence; phone number; e-mail address; occupation; position. Name, surname, position held, address of correspondence, phone number, and e-mail address of the contact person (regarding the transaction). Information about the true beneficiary of the Client. If the true beneficiary is a resident of Latvia: name, surname; personal identity number; date of birth; nationality; country of permanent residence; a way of earning income. If the true beneficiary is a non-resident of Latvia: name, surname; date of birth; passport or identity card number and date of issue; state and institution issuing the document; nationality; country of permanent residence; a way of earning income. Information about a politically significant person, a member of the family of a politically significant person, or a person closely associated with a politically significant person: the country of residence, the institution in which the person works; the position held. Information on the planned transaction (purpose and nature of the planned transaction; the number of planned transactions (if applicable); amount of the planned transaction (if applicable); a form of payment within the planned transaction (cash/transfer) (if applicable); origin of the funds to be used in the planned transaction. | Processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller under the first subparagraph of Section 5.2 of the AML law and Article 6 (1) (e) of the Regulation. The Office does not provide the data subject with information on the Processing of data performed under the obligations set out in the AML law and which is related to money laundering, prevention, terrorism, and proliferation financing prevention, except publicly available data. | Personal Data shall be processed in order to meet the requirements of Section 10 of the Law on the Activity of Real Estate Agents and requirements of the AML law, when performing the Client research according to the AML law’s Section 11, Paragraph one, Clause 1 (before establishing the business relationship – before provision of continuous legal assistance), Clause 2 (before an occasional transaction – before provision of a specific legal assistance if (i) the amount of transactions of the Client or the total sum of several seemingly linked transactions is EUR 15 000 or more or is in a foreign currency which according to the exchange rate to be used in accounting at the beginning of the day of executing the transaction is equivalent to or exceeds EUR 15 000; (ii) transfer of funds is being made, including also the credit transfer, direct debt transfer, non-account holder money transfer, or transfer made by a payment card, electronic money instrument, mobile telephone, digital or another information technology device, and exceeds EUR 1000; (iii) foreign currency cash purchase or sale transaction is executed the amount of which or the total sum of several seemingly linked transactions exceeds EUR 1500), Clause 5 (if there are suspicions of money laundering, terrorism and proliferation financing or an attempt of such actions), Clause 6 (if there are suspicions that the previously obtained Client’s due diligence data is not true or appropriate), Clause 7 (if virtual currency is used in the transaction), Section 11.1, Paragraphs one and three (Client’s due diligence measures and risk factors) and Section 20 (supervision of business relationships and occasional transactions and liability of the subject of the law), in order to comply with Section 11.1, Paragraph 6 of the AML law (obtaining and documenting information on the purpose and intended nature of the business relationship), Section 11.1, Paragraph 7 (repeated Client’s due diligence), Section 12 (identification of natural persons and document check in the Register of Invalid Documents: https://www.latvija.lv/epakalpojumi/ep22), Section 13, Paragraph one, Clause 3 and Paragraph one prim, Clause 3 (identifications of legal persons, where, inter alia, natural persons representing a legal person must be identified), Section 14 (making of copies of personal identification documents), Section 18 (determination of the beneficial owner), Section 20 (supervision of business relationships), Section 25 (business relationship with a politically exposed person, a family member of a politically exposed person and a person closely associated to a politically exposed person, by checking the respective information in the database of politically significant persons held by the State Revenue Service: https://www6.vid.gov.lv/PNP) and Section 28 (contact information in order to request additional information) and in order to ensure considerate risk management and management of the economic activity of the Office, in accordance with the internal procedures of the Office (Internal control system rules, annex “Client questionnaire (for natural persons)”, annex “Client questionnaire (for legal persons)”).Processing is carried out in cases where the Office, acting on behalf and for the benefit of the Client, provides legal assistance in the planning or execution of transactions, takes part in them, or carries out other business-related professional activities for the benefit of the Client in respect of any of the following transactions: buying and selling of immovable property, shares of commercial company capital,managing the Client’s money, financial instruments, and other funds, opening or managing all kinds of accounts in credit institutions or financial institutions,establishment, management, or provision of operation of legal persons or legal arrangements, as well as in relation to making contributions necessary for the establishment, operation, or management of a legal person or a legal arrangement;provision of consultations or material assistance in tax matters or agent services in the provision of such assistance, regardless of the frequency of the provision thereof and the existence of remuneration;in other cases in accordance with Section 2 of the AML law when the Office considers it necessary to prevent money laundering, financing of terrorism, and proliferation. |
Client’s due diligence data: additional information about the Client and its true beneficiary; additional information on the planned nature of the transaction; additional information on the Client’s transactions and their conformity to the Client’s specified economic activity; information on the origin of the funds and welfare of the Client and its true beneficiary; information on the objective of the expected or carried out transactions. | Processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller under the first subparagraph of Section 5.2 of the AML law and Article 6 (1) (e) of the Regulation. The Office does not provide the data subject with information on the Processing of data performed under the obligations set out in the AML law and which is related to money laundering, prevention, terrorism, and proliferation financing prevention, except publicly available data. | Personal Data shall be processed to meet the requirements of Section 10 of the Law on the Activity of Real Estate Agents and requirements of the AML law when performing the Client’s enhanced due diligence:under Section 22, Paragraph two of the AML law, upon establishing and maintaining the provision of legal assistance or executing occasional legal assistance with a Client who has not participated in the onsite identification procedure in person, except in the case when the following conditions are fulfilled: the Office ensures adequate measures for mitigating the money laundering and terrorism and proliferation financing risks, including drafting of policies and procedures and carrying out staff training on the performance of remote identificationthe Client identification, using technological solutions including video identification or secure electronic signature, or other technological solutions, is being performed to the extent and under the 3 July 2018 Regulations No. 392 of the Cabinet of Ministers of the Republic of Latvia.under Section 22, Paragraph two of the AML law when establishing and maintaining the provision of legal assistance or executing occasional legal assistance with a Client who is a politically exposed person, a family member of a politically exposed person, or a person closely associated with a politically exposed person; under Section 22, Paragraph two, and Section 25.1, Paragraph one of the AML law, when establishing or maintaining the provision of legal assistance or executing occasional legal assistance it is found that the Client is from a high-risk third country;in other cases of provision of legal assistance or executing occasional legal assistance to the Client, if it is found that there is a high risk of money laundering, terrorism financing or proliferation, or the risk of circumvention of international or national sanctions,to ensure considerate risk management and management of the economic activity of the Office, in accordance with the internal procedures of the Office (Internal control system rules, annexe “Client risk assessment form”). Processing is carried out in cases where the Office, acting on behalf and for the benefit of the Client, provides legal assistance in the planning or execution of transactions, takes part in them, or carries out other business-related professional activities for the benefit of the Client in respect of any of the following transactions: buying and selling of immovable property, shares of commercial company capital,managing the Client’s money, financial instruments, and other funds, opening or managing all kinds of accounts in credit institutions or financial institutions,establishment, management, or provision of operation of legal persons or legal arrangements, as well as in relation to making contributions necessary for the establishment, operation, or management of a legal person or a legal arrangement;provision of consultations or material assistance in tax matters or agent services in the provision of such assistance, regardless of the frequency of the provision thereof and the existence of remuneration;in other cases, in accordance with Section 2 of the AML law, when the Office considers it necessary to prevent money laundering, financing of terrorism, and proliferation. |
Information collected during the Client’s due diligence (Client’s case file on paper and electronically) (including Client’s identification data, a copy of the Client’s identification document); Results of the Client’s due diligence, as well as available information obtained using electronic means of identification, and certification services within the meaning of Article 1 (10) of the Electronic Document Act under Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC or other technological solutions in the amount and according to the procedures specified by the Cabinet of Ministers of the Republic of Latvia;Information on the Client, the Client’s declaration on the true beneficiary as well as the chain of its controlling entities; Client’s declaration on the status of a politically exposed person, a family member of a politically exposed person, or a person closely associated with a politically exposed person; Information on all the payments of the Client; Information on the Client’s par domestic and international transactions, domestic and international occasional transactions, and such accounts; Information on the source of funds and welfare of the Client and the Client’s true beneficiary;Communication with the Client, including e-mail conversations; The filled-out annexes of the Internal Control System;Other documents obtained during the Client’s due diligence;Information on the applications to the Financial Intelligence Unit, the State Revenue Service, and the State Security Service. | Processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller under the first subparagraph of Section 5.2 of the AML law and Article 6 (1) (e) of the Regulation. The Office does not provide the data subject with information on the Processing of data performed under the obligations set out in the AML law and which is related to money laundering, prevention, terrorism, and proliferation financing prevention, except publicly available data. | For the Office to ensure the obligation to keep documents following the procedures specified in Section 37, Paragraph two, and Paragraph four of the AML law. |
Identification data (name, surname, personal identification number);Information on a suspicious transaction (a description of a suspicious transaction (either planned, announced, consulted, initiated, postponed, or performed), identification of the persons involved in the transaction, amount, time, and place of a transaction, copies of documents certifying a transaction, where such documents are at the disposal of the Office; justification why the Office considers a transaction suspicious). | Processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller under Article 6 (1) (e) of the Regulation. The Office does not provide the data subject with information on the Processing of data performed under the obligations set out in Section 22.2 of the Law on Taxes and Fees except for publicly available data. | For the Office to identify the Client in accordance with the procedures specified in the Law on Taxes and Fees and to store information regarding the Services provided to the Client, as well as to provide information to the State Revenue Service regarding suspicious transactions in accordance with the procedures specified in Section 22.2 of the Law on Taxes and Fees. |
Identification data (name, surname, personal identification number);The case file on the Client | Processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller under Article 6 (1) (e) of the Regulation. | For the Office to ensure the obligation to identify the Client to avoid conflict of interest, to keep accounts of the Client’s case files, and to comply with ethical principles (the sworn advocate may not engage in or support criminal activities), in accordance with the procedures specified in Clause 2.2, 8.1, and 9.1 of the code of ethics of Latvian Sworn Advocates, Section 11, 51, 59, and 65 of the Advocacy Law of the Republic of Latvia and Clauses 1.4 and 3.4 of the Terms of Record Keeping of Advocates. |
The Client’s image that is processed during video surveillance. | Processing is necessary to protect the vital interests (safety and health) of the Client and other natural persons and to exercise the legitimate interests of the Office. | Ensuring public order and security;Ensuring the safety and health of the Client and other natural persons (visitors and employees of the Office premises);Ensuring the security of the Office’s premises and property;Defending the legal claims and legitimate interests of the Office;Securing evidence and detecting and preventing illegal activities. |
Identification and research data: Client’s name, surname, personal identification number, date of birth, data on the identification document (passport data, ID data, and the respective copies of the documents); information on the true beneficiary, information whether the Client is/is not a politically exposed person, a family member of a politically exposed person, or a person closely associated with a politically exposed person;Contact information: phone number, e-mail address, place of residence, the language of communication;Data on the employment or economic activity (occupation, position held); Financial data (name of the bank, account holder, number of the account). | Processing is performed at the request of the Client (data subject) prior to the conclusion of the Agreement, the performance of the Agreement, and the provision of the Services. | Identifying the Client and carrying out the KYC (“know your client”) procedure;Communication with the Client and general management of the Office’s relations with the Client, as well as providing and administering access to the Services: providing the Services and ensuring that Personal Data is up-to-date and accurate by verifying and supplementing the data. |
Client’s Personal Data in court proceedings (preparatory process for trial and trial) | Performance of the Agreement and provision of the Services. | Representing the Client, defending the client, and providing legal assistance in court. |
Other legal actions performed at the request of the Client | Performance of the Agreement and provision of the Services. | Representing the Client, defending the client, and providing legal assistance. |
Agreement documentation and documentation related to Services (including Agreement; Applications submitted by the Client, requests, complaints; notifications sent to the Client, warnings, etc.). | To fulfil a legal obligation applicable to the controller (requirements for document storage, archiving, accounting; requirements arising from the Consumer Rights Protection Law regarding entering into the Agreement, the receipt of the Services, and exercise of the right of withdrawal and other requirements specified in regulatory enactments relating to the economic activities of the Office as a controller). | Keeping accounts, storing documents, archiving, etc. |
Identification data (name, surname, personal identification number, place of residence). | To pursue the Controller’s legitimate interests (establishing rights of claim). | Establishment, enforcement, protection, and transfer of claim rights, as well as securing evidence against claims for non-compliance of the Services, as well as for the provision of evidence against a potential claim arising from a delict. |
Identification data (name, surname, personal identification number); Contact information (phone number, e-mail address, place of residence). | Personal Data is processed in accordance with the Client’s consent to Processing their Personal Data. | Management, analysis, development, and improvement of Client relations;Statistical and market research for analysis of the effectiveness of advertising and conducting surveys and studies concerning the Services offered by the Office. |
Correspondence (communication) and device data: data in notifications, e-mails, visual images, video and/or audio recordings, and other correspondence and interaction data; Data is collected when the Client visits the Office’s website or through other Office’s channels (Facebook, LinkedIn); Data on habits, choices, and satisfaction, e.g., Service usage activity, Services used, personal settings, questionnaire replies, Client satisfaction:technical information (e.g., device type, Internet Protocol (IP) address, and Internet Service Provider (ISP) used to connect the device to the Internet; registration information; browser type and version; time zone settings, browser plug-in types, and versions, operating system and platform, screen resolution, location, font encoding;visit information, including full single resource URLs, clickstreams to, through, and from the website (including date and time); viewed or searched information; reference/exit pages, files viewed on the website (e.g. HTML pages, graphics, etc.), page response times, download errors, specific page visit duration the duration, page interaction information (such as scrolling, clicks, and mouse redirection) and methods used to leave the page, date/time stamp and/or clickstream data, and any phone number used to contact the Office’s representative. | Performance of the Agreement and provision of the Services;To protect the Client’s vital interests (Personal Data);To protect the legitimate interests of the controller (performance of management functions, Monitoring, developing, and improving quality of Services and/or Client service quality, testing of the website and digital environment; development of information security, technical and IT infrastructure, prevention of the misuse of Services, the proper execution of the Services, including the prevention of fraudulent actions; to establish claim rights); Client’s consent to the Processing (inter alia, cookies are used when visiting the website).Client’s consent to automated Processing of Personal Data, including profiling. | General management of Client relations, provision of access, and administration of the Services: providing the Services, ensuring that Personal Data is up-to-date and accurate by verifying and supplementing the data; Keeping records on the Client’s case file;Development of information security, technical and IT infrastructure;Prevention or detection of criminal offences related to the protection of property owned or used by the Office (including the protection of the website);Performance of management functions (business strategy, risk management, and business management);Monitoring, developing, and improving quality of Services and/or Client service quality; assessing productivity;Prevention of the misuse of Services, the proper execution of the Services, sanctioning and controlling access to and operation of digital channels, preventing unauthorised access and misuse, and ensuring the security of information;Improving technical systems, IT infrastructure, adapting the display of the Service on devices, and developing Office Services, e.g., by testing and improving technical systems and IT infrastructure;Preparing personalized and customized information; providing more user-adapted Services. |
The Client’s Personal Data may be obtained directly from the Client, from the Client’s use of the Services (when performing video surveillance, the Office records visual images; the Office saves e-mail communication, documents the Client’s interaction and communication with the Office) as well as from external sources, including public and private registers, databases and publicly accessible trusted websites (through KYC (“know your client”) procedure) and from third parties in the cases specified in regulatory enactments.
The Client is informed that for the purposes (objectives) of Processing the Personal Data described above, the Office collects and transfers the Client’s Personal Data to controllers Processing Personal Data on behalf of the Office and to third parties (independent controllers), including but not limited to:
When the Office receives and transfers the Personal Data of the Client to processors who process Personal Data on behalf of the Office, the Office shall take all necessary steps to ensure that the Processing of Personal Data by data processors is carried out under the Agreement, regulatory enactments and documented Office’s instructions.
When the Office collects and transfers the Client’s Personal Data to third parties (independent data controllers), third parties shall process Personal Data as an independent controller according to their own privacy policies, which shall be available on the home page of the relevant service provider.
In cases specified in regulatory enactments the Office also has obligations to transfer Personal Data to state or local government authorities (e.g., the Latvian Council of Sworn Advocates, the State Revenue Service, the Financial Intelligence Unit, the State Security Service, the State Police, and other law enforcement authorities and financial investigation authorities, courts, out-of-court dispute resolution authorities, insolvency administrators, sworn bailiffs, etc.).
A transfer of Personal Data to a third country or an international organisation may take place in cases where:
In the event of any subsequent transfer, the Office shall respect all other guarantees, in particular the purpose limitations.
The Office also informs that that Google Inc program Google Analytics, which uses cookies stored on the Client’s device to analyse how the Client uses the website, is being used on the Office’s website. The information on how the Client uses the website generated from the cookies is sent to a Google server in the United States of America and stored there. The Client’s IP address, via IP-anonymisation, is truncated within the territory of the European Union or the European Economic Area and may only be released for Processing on Google servers located in the United States of America in exceptional cases. Google uses this information to evaluate how the Client uses the website to prepare activity reports for website providers and to provide other services related to the use of the website and the Internet. Under no circumstances shall Google associate the IP address received here with any other information available to Google. Google may, if necessary, provide this information to third parties if it is statutory or if a third party is Processing the data on behalf of Google.
The Office stores Personal Data in conformity with the purposes (objectives) of Processing the Personal Data, as well as in accordance with the requirements of the Regulation and the regulatory enactments, for as long as any legal basis for the Processing of Personal Data exists, provided that the applicable regulatory enactments do not provide a longer storage period. If the same Personal Data is processed for several purposes, the data shall be stored for the longest applicable storage period.
The storage period of the processed Personal Data may be based on the consent of the Client (data subject) (until its revocation, if there is no other basis for the Processing of Personal Data), based on the Agreement (for securing evidence for any claims relating to the non-compliance of the Services and/or the fulfilment of obligations under the Agreement, as well as for the securing evidence for any potential claims arising from a delict the term of data storage shall be ten years from the date of provision of the Services or execution of the Agreement), based on the legitimate interests of the Office or the legal obligations of the controller arising from the applicable laws and regulations (Section 37, paragraph two of the AML law provides that all information obtained during the course of the Client due diligence, information on transactions of the Client, communication with the Client including e-mail conversations, shall be stored by the Office for five years after termination of the business relationship); regulatory enactments regarding keeping the accounting (basic accounting documents shall be stored for ten years); regulatory enactments regarding the archiving of documents, etc.).
If there is no longer any legal basis for the Processing of Personal Data and the regulatory enactments do not provide for a longer term for the storage of Personal Data, the Office shall delete files containing Personal Data.
Profiling means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
For each visit to the Office’s website, the following information is automatically collected:
Automatic Processing of Personal Data on the Office’s website is carried out to assess certain personal characteristics of the Client and to improve the Client’s experience of the use of the digital services, for example by adjusting the display of the Services on the device used; for the purpose of analysing the Client’s data. Automatic Processing of Personal Data is performed based on the legitimate interests of the Office (risk management, transaction monitoring, fraud prevention), the necessity to fulfil legal obligations, the performance of the Agreement, or the consent of the Client.
The Office may also collect statistical data regarding the Client, including typical behaviours. Statistical data for the establishment of segments/profiles can also be derived from external sources and can be combined with Office’s internal data.
The Office uses video surveillance cameras at the entrance of the Office.
The Personal Data that is processed during video surveillance are visual images and video material.
The Office carries out video surveillance based on its legitimate interest and to protect the vital interests (security and health) of the Client and other natural persons (the Office’s visitors and employees).
The purposes of video surveillance are: to ensure public order and security; to ensure the safety and health of the Client and other natural persons (visitors and employees of the Office); to ensure the security of the Office’s premises and property; to protect the Office’s legal claims and legitimate interests; to secure evidence and to detect and prevent illegal activities.
Personal Data processed in connection with the video surveillance carried out by the Office will be kept for a maximum period of 1 (one) month from the time of recording unless another purpose of Processing arises (e.g., in connection with a criminal investigation).
The Client has the following rights:
The Office’s website uses cookies that collect information about the Client, including whether the Client has previously visited the website, whether the Client is a new user, and what information the Client has viewed on the website. The use of cookies helps improve the services the Office provides, e.g., allowing the Client not to re-enter information that has already been entered. The use of cookies also helps to register the number of visitors and collect statistics and information about how users use services to improve the quality of websites, apps, and services as well as create custom content.
To ensure the protection of the Client’s Personal Data, while communicating with the Client, the Office will carry out personal identification in the following manner. To speed up electronic and telephone service, we suggest the Client ensure a timely and regular updating of its contact information.
Upon receipt of a request from the Client regarding the provision of Personal Data or the implementation of other Client’s rights, the Office shall verify the identity of the Client. For this purpose, the Office is entitled to request the Client to indicate Personal Data and compare whether the data provided by the Client coincides with the relevant Personal Data held by the Office. In carrying out this comparison, the Office is entitled to send a control notification to the telephone or e-mail specified by the Client (in the form of a text message or an e-mail letter), requesting the Client to authorise it. If the verification procedure is not successful (e.g., the data provided by the Client does not match the Personal Data held by the Office or the Client has not made authorization after the sent text message or e-mail letter), the Office will be forced to find that the Client is not the subject of the requested Personal Data and will be forced to reject the request submitted by the Client. Upon receipt of the Client’s request for the exercise of any of the Client’s rights and the successful completion of the verification procedure referred to above, the Office shall undertake without delay, but in any event not later than within 1 (one) month from the date of receipt of the Client’s request and the end of the verification procedure, to provide the Client with information on the activities carried out by the Office under the request submitted by the Client. Given the complexity and number of requests, the Office has the right to extend the 1 (one) month period for a further 2 (two) months, informing the Client by the end of the first month and stating the reasons for such extension of the term. If the Client’s request is submitted electronically, the Office will also provide the reply electronically, except in cases where it is not possible (e.g. due to a large amount of information) or if the Client has requested to reply in another manner. The Office is entitled to refuse to act on the Client’s request if the circumstances specified in the regulatory enactments are met, providing a motivated response and informing the Client thereof in writing. If the Client’s (data subject’s) requests are manifestly unfounded or excessive, particularly due to their regular repetition, the Office as a controller can either: a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or b) refuse to act on the request.
In case of any questions or unclarities relating to the Processing of Personal Data or in cases where the Client wishes to withdraw his/her consent for the Processing of his/her Personal Data, the Office kindly asks the Client to contact the Office by sending a respective message:
– to the Office’s e-mail address: info@skdz.lv, indicating “Protection of Personal Data”.;
– to the Office’s legal address: SIA “ZAB Skrastiņš un Dzenis”, Blaumaņa street 10-4, Riga, LV-1011, indicating “Protection of Personal Data”.
The Privacy policy is available for Clients at the Office’s website: www.skdz.lv. The Office shall be entitled to unilaterally amend the Privacy Policy at any time in accordance with the applicable laws and regulations by notifying the Client of the relevant amendments by publishing an updated Privacy Policy on the website www.skdz.lv.
Disclaimer: This is a translation of the Office’s Privacy policy, the original of which is drafted in the Latvian language. In case of any discrepancies between the text of the Privacy policy in Latvian and English languages, the text in the Latvian language shall prevail.
Reset 'cookies'