Personal data processing notice of Latvijas energoceltnieks ltd. To Clients, collaboration parters, and other related parties
1. Information about the controller
The name of our organisation is SIA Latvijas Energoceltnieks, registration number: 40103050565, legal address: Lubānas St. 43, Rīga, LV-1073.
We may be reached at: +371 67241260 or via the following e-mail address: lec@lec.lv.
2. Contact details on personal data protection issues
If you should have any questions related to this notice or the processing of your personal data, please contact us using the contact details stated in the previous paragraph (Paragraph 1) or by contacting our Data Protection Officer via the following e-mail address: dati@lec.lv.
3. A general description of the personal data processing we perform
The purpose of this notice is to give you a general idea of how and why we process your personal data, however, we kindly ask you to keep in mind that other documents (e.g., cooperation agreements, tender documentation) may contain additional information on the processing of your personal data.
This notice describes how we process the personal data of our clients, suppliers, collaboration partners (including sub-contractors), their employees/representatives/contacts, our internet site visitors, company office and construction site visitors, as well as any other persons whose data we may come into possession of, within the scope of our business activities.
We assume that prior to using our website or becoming our client, you have read this notice and agreed to its terms. This is the latest version of the notice. We reserve the right to make amendments to the notice and bring it up to date at any time.
Please keep in mind that the personal data processing provisions contained in this notice apply only to the processing of the data of natural persons.
In addition to these provisions, you may also wish to learn about our cookies policy (available at: www.lec.lv)
We are fully aware of the importance of keeping your personal data safe, therefore we will process your personal data in accordance with confidentiality requirements and take due care to ensure that the personal data that come into our possession are safe with us.
4. Why do we process your personal data and what are the lawful bases for the processing of your personal data?
We only process your personal data in a manner consistent with previously defined legitimate purposes, including:
a) to initiate and provide a service, as well as to fulfil a contract (including a cooperation agreement)
Within the scope of this purpose, we will need to identify you, enable appropriate payment estimates and the payments execution process, contact you about questions related to the provision of a service and/or fulfilment of a contract (including sending of invoices), and, in some cases, ensure debt recovery.
The minimum amount of personal data required to achieve the following purposes: to employ or attract a client/supplier/collaboration partner, enter into and perform a cooperation agreement, identify a client/supplier/collaboration partner, we will need personal data, occupation, and contact details of the client, supplier or collaboration partner (including subcontractors) or their employees/representatives/contacts; to ensure the provision of a service between the company’s employees and a client we will need an address, phone number, e-mail address; to make payments we will need a bank account number, the name of the bank, the date and number of the contract, etc.
Lawful bases for the processing purposes:
- entering into and performing of a contract with the data subject (General Data Protection Regulation, Article 6, paragraph 1, point (b));
- compliance with a legal obligation (General Data Protection Regulation, Article 6, paragraph 1, point (c));
- legitimate interests pursued by the controller (General Data Protection Regulation, Article 6, paragraph 1, point (f)), for example, to identify you as a client, supplier, collaboration partner or their representative/contact/employee, to ensure interaction.
b) to comply with the provisions of the normative acts in the field of the provision/receipt of services or provisions of other normative acts
Within the scope of this purpose, we must comply with the provisions of the Civil Law of Latvia, the regulatory framework for health and safety at work, provisions of the Law on Accounting and Archives Law, norms governing the areas of construction and public procurement, as well as other compliance requirements.
The minimum amount of personal data required to achieve the following purposes: to attract or employ a collaboration partner, enter into and perform a cooperation agreement, we will need personal data and contact details of the client, supplier, or collaboration partner (including sub-contractors) or of their representatives/contacts/employees/, electrical safety classification, site address, documents attesting to the site ownership/rental rights; personal data, job/specialisation, previous work experience and contract values, the number and expiry date of a certificate/document attesting to the appropriate qualifications, contact details of a collaboration partner/building specialist/engineer/architect or others; personal data, number and expiry date of a certificate/document attesting to the appropriate qualifications, contact details of a building custodian/authorship supervisor.
Lawful bases for the processing purposes:
- compliance with a legal obligation (General Data Protection Regulation, Article 6, paragraph 1, point (c));
c) to prevent security risks and threats to our economic interests, and to ensure exercising of other essential legitimate interests of our organisation or a third party
Within the scope of this purpose, we must ensure video-surveillance of our territories, buildings, construction sites, and other property, conduct alcohol, drug, other psychotropic substance breath tests on visitors to prevent intoxicated people from entering the company’s territories and construction sites, employ personal data processors to secure various functions, if necessary, disclose information to courts or other public authorities, exercise our rights contained in the normative acts to ensure the protection of our legitimate interests.
The minimum amount of personal data required to achieve the following purposes: to ensure safety oversight and protection of property, we will need personal data of a client, supplier, collaboration partner or their employee/representative/contact, a person’s visual image (a photo), proof of their actions (behaviour, acts committed within the surveillance cameras’ area), their location and time, other data depending on the circumstances.
Lawful bases for the processing purposes:
- compliance with a legal obligation (General Data Protection Regulation, Article 6, paragraph 1, point (c));
- legitimate interests pursued by the controller (General Data Protection Regulation, Article 6, paragraph 1, point (f)), for example, with an aim to solve crimes, ensure debt recovery, ensure storage of evidence.
d) to ensure proper provision of services
Within the scope of this purpose, we must perform maintenance and improvement of the technical systems and IT infrastructure, use technical and organisational solutions which may use your personal data (e.g., via cookies) with an aim to enable the proper provision of services.
Lawful bases for the processing purposes:
- legitimate interests pursued by the controller (General Data Protection Regulation, Article 6, paragraph 1, point (f));
e) to ensure access control and maintenance of a pass system (including one for vehicles)
Within the scope of this purpose, we collect identity-related data and identify the need for a pass, which is entered into the pass registration journal (including one for vehicles).
f) to record visitors to enable protection of our economic interests, crime investigation and solution, maintenance of public order, and protection of other essential legitimate interests of our organisation or a third party.
Within the scope of this purpose, we collect identity-related data, which must be entered into the visitor registration journal or key registration journal.
5. Who can access your personal data?
We make sure your personal data are processed in compliance with the current regulatory framework, and a third party, without a lawful basis for the processing your personal data, may not gain access to them.
Your personal data may, if necessary, be accessed by:
- our employees or directly authorised persons who need your personal data to perform their work duties;
- personal data processors for the provision of their services, but only to the extent necessary, for example, auditors, outsourced accountants, tax and legal consultants, database creators/technical maintainers, and other persons who are related to the provision of the services of the controller;
- state and municipal authorities in cases stipulated in the normative acts, for example, law enforcement agencies, municipalities, tax administration, sworn bailiffs;
- third parties, provided there is a lawful basis for sharing such data, for example, debt collectors, courts, out-of-court dispute resolution institutions, insolvency administrators, third parties who maintain registers (e.g., population, debtor, or other).
6. Who do we collaborate with in relation to the personal data processing/ What kind of personal data processors do we work with?
We make sure that the processing, protection, and sharing of your personal data with data processors is performed in compliance with the relevant regulatory framework. We choose personal data processors carefully and, in case of sharing your personal data, we very carefully evaluate the need and extent to which we share. We share personal data with a data processor in compliance with the confidentiality and secure processing requirements.
We may collaborate with the following personal data processors:
- outsourced accounting service providers;
- outsourced tax and legal advice providers;
- outsourced security service providers;
- video surveillance system maintainers;
- outsourced IT infrastructure maintenance service providers;
- outsourced document destruction service providers;
- other processor categories if necessary;
- other persons to securing the provision of our services.
Personal data processors may change; should that happen, this notice will be amended accordingly.
7. Will your personal data be transferred to countries outside the European Union (EU) or outside the European Economic Area (EEA)?
We do not transfer your personal data to countries outside the European Union (EU) or European Economic Area (EEA) unless the provision of particular services requires it.
8. How long will your personal data be kept?
Your personal data will be kept for as long as the purposes for which they are processed require keeping them, as well as to ensure compliance with the relevant normative acts.
In order to determine the length of time your personal data are kept, we take into account the provisions of relevant normative acts, contractual obligations, your instructions (e.g., consent), as well as our legitimate interests. If your personal data are no longer needed to fulfil the processing purposes, they will be erased or destroyed.
Below you may see the most common timeframes for which your personal data are kept:
- personal data that we need to perform contractual obligations we keep until the completion of a contract or until other timeframes come to an end (see below);
- personal data that we need to ensure compliance we keep in accordance with the timeframes set out in the relevant normative acts, for example, the Law on Accounting stipulates that source documents must be stored until the day they are needed to determine the beginning of an economic transaction and track its progress, but no less than 5 years;
- data that prove settling of our obligations we keep in accordance with the general statutes of limitation set out in the respective normative acts – ten years in the Civil Law, three years in the Commercial Law, as well as other timeframes, for example, those set out in the Civil Procedure Law in relation to bringing an action.
9. What are your rights as a data subject in relation to the processing of your personal data?
Updating of personal data
If there should be any changes in the personal data you have provided to us, for example, changes in your personal code, correspondence address, phone number or e-mail address, we ask you to contact us and provide us with the updated data so that we are able to achieve the processing purposes.
Your rights to access or rectify your personal data
Under the General Data Protection Regulation, you have the right to demand access to your personal data that we possess and demand rectification, erasure, processing restriction; you may also object to the processing of your personal data; and you also have the right to data portability.
We value your right to access and control your personal data, therefore, in case we receive an application from you, we will provide our reply in compliance with the timeframes set out in the normative acts (usually no later than within a month, unless there is a specific case requiring more time to prepare a reply), and, if possible, we will rectify or erase your personal data accordingly.
You may obtain information on your personal data or exercise your rights as a data subject in one of the following ways:
- by submitting an application in person and identifying yourself at our office located at this address: LubānasSt.43, Rīga, LV-1073, 2nd floor,weekdays 08:00-17:00;
- by submitting an application by post to: SIA Latvijas Energoceltnieks, Lubānas St. 43, Rīga, LV-1073.
- by submitting an application via our e-mail addresses: lec@lec.lv or dati@lec.lv, electronic signature recommended.
Upon the receipt of your application, we will evaluate the content and ways to identify you; depending on the situation we reserve the right to ask for additional means of identification in order to ensure protection of your personal data and disclosure of it to a competent person.
Consent withdrawal
If the processing of your personal data is based on consent granted by you, you have the right to withdraw it at any time, and we will no longer process your personal data for the purpose the consent was granted. However, keep in mind that the withdrawal of the consent may not affect the processing of your personal data when it is required by relevant normative acts, a contract, our legitimate interests, or other lawful bases applicable.
You may, however, object to the processing of your personal data if the processing is based on legitimate interests.
10. Where do you file a complaint in relation to the processing of your personal data?
If you have any questions or an objection with respect to the processing of your personal data performed by our organisation, we kindly ask you to get in touch with us.
If, however, we have not succeeded in resolving the issue, and you think that our organisation has infringed your rights with respect to the processing of your personal data, you have the right to file a complaint with the Data State Inspectorate.
11. Why do you have to provide us with your personal data?
We mainly collect your personal information in order to fulfil contractual obligations, legal obligations, or to exercise our legitimate interests. In these circumstances, we need to obtain certain information in order to achieve certain purposes, and non-disclosure of such information may prevent us from entering into a business relationship or performing a contract. If the processing purpose is to improve a service or give you more favourable terms of the contract and/or a better offer, upon collection we will indicate that the sharing of your personal data is voluntary.
We kindly ask you to view this paragraph in light of Paragraph 4 of this notice.
12. How do we come into possession of your personal data?
We may acquire your personal data in one of the following ways:
- from you upon signing a mutual agreement;
- upon signing an agreement with a third party who has indicated you as a contact/representative/employee;
- from you if you submit an application, send an e-mail, or call us;
- from www.lec.lv via cookies;
- in some circumstances, from third-party databases or third parties, for example, when assessing your creditworthiness, or from video surveillance records.
13. Are your personal data used in automated decision-making?
We do not use your personal data in automated decision-making.