Policy for Processing of Data

Policy for Processing of Data

The present policy for processing of data of customers, business partners, and visitors informs how the Controller carries out processing of the personal data of customers and business partners (incl. their representatives), visitors, and other persons (hereinafter each also referred to as the Data Subject) in accordance with the General Data Protection Regulation (hereinafter referred to as the Regulation).

1) Data controller

The data controller for processing of the Data Subject’s personal data is SIA “LATGRAN”, registration number: 45403013135, registered address: Aizkraukles novads, Jaunjelgava, Meža iela 4B, LV-5134, Latvia (hereinafter referred to as the Controller).

2) Purposes and Legal basis for Data Processing

The Controller may process personal data of customers, business partners, visitors, and other persons for the following purposes.
 
Purpose of data processing: Legal basis of data processing:
Conclusion and performance of contracts, identification of persons

Subparagraph (b) of paragraph 1 of Article 6 of the Regulation – necessary for entering into a contract. Failing to provide the required information may result in possibility of the Controller being unable to enter into a contract with the Data Subject.

If the Data Subject is a representative or a contact person of a customer or a business partner, then the legal grounds for processing is subparagraph (f) of paragraph 1 of Article 6 of the Regulation – processing is carried out based on the legitimate interests pursued by the Controller to ensure possibilities of performance of a contract and verify representation rights of the person.

Video surveillance Subparagraph (f) of paragraph 1 of Article 6 of the Regulation – processing is carried out based on the legitimate interests pursued by the Controller in ensuring protection of legal interest and property of the Controller, and protection of vital interests of persons, including life and health.
Recording of phone conversations Subparagraph (f) of paragraph 1 of Article 6 of the Regulation – processing is carried out based on the legitimate interests pursued by the Controller in ensuring collection of evidence.
Recording of speeding violations (if a device for measing speed of traffic and speeding is installed in the Controller’s territory). In case of speeding the information about violation is also delivered to the person whom the Data Subject represents. Subparagraph (f) of paragraph 1 of Article 6 of the Regulation – processing is carried out based on the legitimate interests pursued by the Controller in organizing and monitoring speed of the traffic in the Controller’s territory, thus ensuring safety of the Controller’s territory, protection of property and protection of persons’ life and health.

If the Controller processes personal data of the Data Subject for purposes other than those specified in the table above, the Controller shall ensure that such processing is compatible with the purposes for which the personal data were obtained.

3) Data Categories

In order to accomplish the purposes of the data processing, the Controller may, inter alia, process the following personal data of the Data Subject.
 
Purpose of data processing: Personal data categories processed:
Conclusion and performance of contracts, identification of persons First name, last name, personal identification number or date of birth, contact information; if the Data Subject is a representative of a customer or a business partner – also representation rights, position of the Data Subject and other necessary information.
Video surveillance Visual appearance of the Data Subject, location and time.
Recording of phone conversations Voice and phone number of the Data Subject, information provided during the phone conversation.
Recording of speeding violations Visual appearance of the Data Subject, location of the incident, speed and licence plate of the vehicle. According to the data available, first name and last name of the Data Subject (driver of the vehicle) and other information are identified

4) Categories of Data Recipients

The Controller may disclose personal data of the Data Subject to third parties in the scope as necessary for achievement of specific purposes and there are legal grounds for that.

The Controller may disclose the personal data of the Data Subject to the following data recipients, among other:

a) Companies of the Controller’s group, insofar it is necessary for accomplishment of administrative purposes;
b) Government institutions, authorities, administrative authorities, courts, prosecutor’s office, tax administration authorities etc.;
c) Business partners of the Controller, such as auditors, legal counsels, debt collectors, court bailiffs, other experts and advisors;
d) Processors of personal data and other persons who provide the Controller with such services as accounting services, IT system and maintenance services, video surveillance services, vehicle monitoring, advertising, marketing and other services, as a result of which processing of the Data Subject’s personal data is performed.

5) Timelines for Storage of Data

The Controller will store the Data Subject’s personal data for as long as it is necessary for performance of legitimate purposes of the Controller for the period of time set out by law, as well as for a certain period for it to be able to defend its legitimate interests (for example, to effect defence against possible claims against the Controller).

Data of customers and business partners may be stored for the needs of accounting for up to 10 years after termination of the contract, as well as for as long as the obligations arising on of the respective contracts are valid.

If a speeding violation is recorded in the Controller’s territory on the device for measurement and recording of the speed, the respective personal data will be stored up to 2 years after the time the violation has been perpetrated.

The timeline for storing video surveillance records made in the Controller’s territory is up to 40 days.

Phone call records are stored up to 40 days.

Request of the Data Subject and responses provided may be stored up to 5 years.

In case the personal data are necessary for resolution of a dispute, then the respective personal data will be stored until resolution of such dispute and/or finalization of litigation, or until the lapse of applicable statute of limitation (the statute of limitation of transactions set by the commercial law is 3 years, whereas the general statute of limitation under the Civil Act is 10 years).

6) Rights of the Data Subject

The Data Subject has the following rights in cases stipulated by the Regulation:

1) access his/her data;
2) request correction and erasure of personal data;
3) request restriction of data processing;
4) request the right to portability of the data;
5) object to data processing;
6) revoke the consent given;
7) not to be subject to automated decision-making (including profiling).

The Data Subject has a right to lodge a complaint to the Data State Inspectorate (www.dvi.gov.lv) if he or she is of an opinion that the Controller has processed his or her personal data unlawfully.

Please bear in mind that in order to fulfil a request of the Data Subject the Controller may need to process additional personal data for the purpose to identify the filer of the request (in cases when it is necessary in order to fulfil the request of the Data Subject).

7) Contact Information

In case the Data Subject has any questions about processing of his or her personal data, as well as any requests and complaints can be lodged by the Data Subject to the Controller by sending to email address: latgran@latgran.com, or using the contact information below:

SIA “LATGRAN”
Registration number: 45403013135
Registered address: Aizkraukles novads, Jaunjelgava,
Meža iela 4B, LV-5134, Latvia

The latest updates to the policy for processing of data of customers and business partners were made on 19 March 2021.

Languages