Privacy policy
“Latvijas automoto biedrība” Association
reg. No. 40008002673
privacy policy
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), “Latvijas automoto biedrība” Association ensures fair and secure processing of personal data.
This Privacy Policy, hereinafter referred to as the Policy, describes the procedure by which “Latvijas automoto biedrība” Association, hereinafter referred to as the Company, processes personal data as their controller and processor.
This Policy shall apply if the customer uses, has used or has expressed a wish to use the services provided by the Company or is otherwise related to the services provided by the Company, including in a relationship with the customer established prior to the entry into force of this Policy.
Definitions:
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor – “Latvijas automoto biedrība” Association, legal address: Riga, Raunas iela 16B, LV-1039.
Controller – “Latvijas automoto biedrība” Association, legal address: Riga, Raunas iela 16B, LV-1039.
Actual address of the service provision: according to the type of service and the contract concluded.
Customer – a natural person who uses, has used, or has expressed a wish to use any of the services provided by the Company or is in any other way related to them.
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a last name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject – an identified or identifiable natural person (data subject).
Applicable law relating to the processing of personal data
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
Personal Data Processing Law.
This Policy provides general information about how the Company processes personal data. More detailed information on the processing of personal data is provided to customers in contracts and other documents related to the Company’s services.
The Company shall ensure confidentiality of personal data within the framework of the applicable laws and regulations and has implemented appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing or disclosure, accidental loss, alteration or destruction.
The Company may use personal data processors for the processing of personal data. In such cases, the Company shall take the necessary measures to ensure that such personal data processors process personal data in accordance with the Company’s instructions and in compliance with applicable laws and regulations, and shall require the implementation of appropriate security measures.
The Company provides car assistance services to customers and customers of business partners, as well as travel medical assistance services in the Republic of Latvia and abroad, including in third countries that are not part of the European Union and the European Economic Area.
What personal data is processed and for what purposes?
The Company shall only process personal data which is necessary for the purposes for which it is processed.
The purposes of the processing of personal data of the Company have been assessed and approved in the Data Processing Register and are as follows:
Regarding to the processing of employees’ personal data:
For personnel records;
For calculating and paying salaries, bonuses.
Regarding to the processing of customers’ personal data:
To provide car assistance services to customers and customers of business partners.
To provide travel medical assistance services.
More information on personal data protection measures can be obtained by submitting a respective application to the Company.
What is the legal basis for the processing of personal data?
The legal basis for the processing of personal data is the legitimate interests of the Company – providing services to customers upon their request.
In all forms of data processing carried out by the Company, the data is obtained from the customer. The information obtained shall be processed fairly and lawfully by the Company and shall only be used for the purposes set out in this Privacy Policy and under no circumstances shall the information provided by the customer be used for purposes other than those set out in this Privacy Policy.
The Company’s legitimate interests shall include the processing of personal data in accordance with the contractual relationship with the customer and business partners, as well as marketing activities.
The Company is entitled to process personal data in order to comply with the requirements of laws and regulations, as well as to provide answers to legitimate requests of the state and local government.
The Company is entitled to process personal data in order to protect the vital interests of the customer or another natural person, for example, if the processing is necessary for humanitarian purposes, for monitoring natural and man-made disasters, particularly, epidemics and their spread, or in humanitarian emergencies (acts of terrorism, cybercrime, manmade disasters, etc.).
The Company is entitled to process data in order to perform a task carried out in the public interest or in the exercise of official powers lawfully conferred on the Company. In such cases, the basis for processing personal data is included in the laws and regulations.
Disclosure of personal data
The Company’s business partners shall process personal data only in accordance with the instructions provided by the Company and may not use it for other purposes not related to this Privacy Policy. These companies are required to protect the personal data provided by the customer in accordance with the laws and regulations and the Company’s cooperation agreement.
In order to fulfil its legal obligation, the Company shall have the right to transfer the customer’s personal data of the customer to law enforcement authorities, as well as to state and municipal authorities upon their request, if provided for by any of the laws and regulations. The Company may transfer personal data of its customers to law enforcement authorities, as well as to state and municipal authorities in order to defend its legitimate interests in accordance with the procedure established by laws and regulations.
The Company processes personal data in the European Union/European Economic Area. However, the Company’s service providers and business partners are located in various countries around the world. Sometimes the Company may need to send information to a company located outside the European Economic Area. In such cases, the Company shall use its best endeavours to keep the personal data secure in order to be able to rely on the adequacy decisions of the European Commission. These decisions mean that the European Union considers that national laws or regulations ensure adequate protection of personal data. In the absence of an adequacy decision, the Company shall enter into a contract containing standard conditions or other approved conditions, codes of conduct, certificates, etc. adopted by the European Union.
Confidentiality and data security
Confidentiality is very important to the Company, therefore appropriate technological and organisational measures are in place to protect the personal data provided by customers.
Public security procedures shall comply with applicable external laws and regulations governing the protection of personal data.
All employees of the Company are trained and comply with confidentiality, security and personal data protection requirements.
Access to customer data is provided only to authorised employees of the Company and, in certain cases, to the Company’s business partners on a contractual basis.
The Company shall respond to all customer objections regarding data processing and shall take steps to address customer objections.
If the Company does not respond to the customers’ objections or complaints related to the processing of personal data provided by the customer to the Company, then the customer has the right to lodge a complaint about the processing of the customer’s personal data with the supervisory authority Datu valsts inspekcija (Data State Inspectorate). Contact information: Riga, Blaumana iela 11/13-15, phone: 67223131, e-mail: info@dvi.gov.lv.
Data storage period
Personal data will be processed only for as long as it is necessary for the purpose of the processing. The storage period may be based on the contract with the customer, the Company’s legitimate interests or applicable laws and regulations (e.g. accounting, anti-money laundering, statute of limitations, civil rights, etc.).
The Company shall store the personal data of the customers, the processing of which is determined by a valid regulatory act, until the expiry of the term specified in the regulatory act, and such data shall not be deleted upon the customer’s request.
Rights of the data subjects (natural persons)
In accordance with the applicable laws and regulations governing the protection of personal data, data subjects have the following rights:
- the right to restrict the processing of personal data,
- the right to withdraw consent to the processing of personal data,
- the right of access to personal data,
- the right to edit or erase customers’ personal data from the Company’s systems, unless the Company has a legal basis to continue processing customers’ personal data.
Should the customer (data subject) notify the Company of a wish to exercise one of these rights, the Company shall respond to this request within one month of receipt of the request.
The customer (data subject) may contact the Company to obtain information about the personal data held by the Company about the data subject, to confirm or correct them. Customers have the right to request the deletion of personal data held by the Company, unless this request is in contradiction with the laws and regulations in force in the Republic of Latvia.
The customer (data subject) may at any time amend the personal data provided. In this case, the customer should contact the Company by phone on 1888, or send a letter to the legal address of the Company: Riga, Raunas iela 16B, LV-1039, or to send an e-mail to pieteikumi@lamb.lv.
Respectfully,
The Board of the “Latvijas automoto biedrība” Association