I. INFORMATION ABOUT THE DATA MANAGER AND ITS CONTACT INFORMATION
1. The RIGVIR GROUP and its connected companies (SIA Rigvir, SIA Latima, SIA Medservice Agency, the Aina Muceniece Virotherapy Foundation) registered at the following legal address (Riga, Teātra iela 9-7, LV-1050) is the manager of your personal data.
2. Contact information for questions regarding the processing of your personal data is as follows:
2.1. In writing: Teātra iela 9-7, LV-1050, Latvia;
2.2. Online: www.rigvir.com
2.3. By e-mail: firstname.lastname@example.org ;
3. Contact information to report a possible violation of data protection regulations: email@example.com.
II. GENERAL INFORMATION
5. General characteristics of the personal data processing that has been performed:
5.1. The processing of personal data takes place in accordance with all confidentiality requirements while ensuring the security of the personal data within our possession;
5.2. The terms and conditions of the personal data processing referred to in this notice only apply to the processing of the personal data of individuals.
5.3. By using the websites of the companies or organisations of the RIGVIR GROUP or when becoming a client of one of the RIGVIR GROUP’s companies or organisations, the individual – data subject – has given permission to have their personal data processed and has accepted its terms and conditions.
6. Use of personal data
6.1. Personal data are collected to fulfil the contractual obligations and any binding legal obligations the RIGVIR GROUP has entered into as well as to complete any legitimate interests. In such cases, the acquisition of certain personal data is necessary to achieve a specific goal and the failure to produce such information may endanger the commencement of a business relationship or the completion of a contract.
6.2. In cases where the delivering of data is not mandatory, but its delivery may help to improve a specific service or offer more advantageous contractual conditions and/or offers, when collecting such data it will be noted that this data collection is voluntary.
III. PURPOSES OF PERSONAL DATA PROCESSING AND ITS LEGAL BASIS
7. The purposes of data processing
Personal data are processed in accordance with the abovementioned purposes, including:
7.1. The beginning of a service and its provision, as well as the completion and securing of a contractual agreement. To this end, it is necessary to identify a specific person, to ensure an offer and to prepare a contract, to get in contact should there be any questions regarding the completion of services and/or the completion of the contract (including billing), and, in certain cases, to ensure that no recovery of payments is made. For these purposes personal data are required to prepare contracts and to remain in contact with the client, such as identifying data as well as communication channel data (e-mail, telephone number, address).
The main legal bases to achieve these purposes are as follows:
7.2. The requirements of the laws and regulations governing the execution of services or other acts required by those laws and regulations. For this purpose the group of companies is required to comply with both the requirements for the provision of services and the laws and regulations governing accounting, as well as the requirements specified in the Archive Law and other regulatory enactments. For this purpose, the following personal data processing is necessary: the name, surname, social security number, address and other potential information of the client and/or partner’s contact person.
The main legal bases to achieve these purposes are as follows:
Compliance with a legal obligation (Article 6, point 1, subsection (c) of the General Data Protection Regulation);
7.3. To provide news, services and offers of the group of companies. Based on the consent of the individual and their indicated manner of receiving information, information is provided regarding:
For this purpose the following personal data is required: the client’s name, surname, address, telephone number, e-mail address. The main legal bases to achieve these purposes are as follows:
7.3.1. An individual has the right to revoke their consent for this purpose at any time, and the group of companies will no longer process the individual’s data for this purpose. The revoking of consent does not affect the processing of personal data which took place when the individual’s consent was still valid. Consent can be revoked online at: www.rigvir.com or by calling +371 67 716 132.
7.4. Safeguarding or preventing a threat to the property interests or ensuring other legitimate interests of the group of companies or third parties. For this purpose, the group of companies must provide video surveillance in its territories, buildings and other properties, record telephone conversations, employ data processors to perform a variety of functions, when necessary sharing personal information with courts and other government institutions and exchanging information within the group of companies using the rights granted by laws and regulations to ensure its legitimate interests.
For this purpose, the following personal data processing is necessary: the name, surname, social security number, address and other potential information of the client and/or partner’s contact person. The main legal basis to achieve this purpose is as follows: The legitimate interests of the company (Article 6, point 1, subsection (f) of the General Data Protection Regulation), for example, for the purposes of discovering criminal offences.
IV. PERSONAL DATA PROCESSING AND PROTECTION
8. Personal data acquisition.
The group of companies acquires the personal data of individuals in one the following ways:
9. Personal data access.
The group of companies takes appropriate measures to process personal data in accordance with all applicable laws and regulations and to ensure that third parties who have no legal basis to process specific personal data do not gain access to this personal data.
When necessary, the following can gain access to personal data:
V. DURATION OF PERSONAL DATA STORAGE, CONDITIONS AND UPDATES
10. Personal data storage
10.1. personal data is stored for as long as storage is necessary to complete its processing, as well as in accordance with the requirements of the applicable laws governing data storage. When assessing the duration of personal data storage, the group of companies shall take into account the requirements of applicable laws and regulations, aspects of contractual obligations, instructions by the individual (for example, in the case of consent) and the legitimate interests of the company. If the personal data are no longer required for certain purposes, they are deleted or anonymized.
10.2. The most common conditions for the storage of personal data:
VI. DATA ACCESS AND RETURN
11. Personal rights regarding data processing.
11.1. Updating personal data
If there has been a change in the personal data provided by the data subject, such as changes in social security numbers, contact addresses, telephone numbers or email addresses, the data subject should contact the group of companies and submit the most current data in order for the group to complete the relevant personal data processing.
11.2. The right of individuals to access and correct their data
In accordance with the provisions of the General Data Protection Regulation, any person has the right to access personal data held by the group of companies, to request correction, deletion, restriction of processing, to object to the processing of his personal data, has data transfer rights in certain cases specified in the General Data Protection Regulation, as well as the right to withdraw their consent to the processing of personal data.
The company respects the right of the person to access and control his or her personal data, therefore, upon receipt of a request by an individual, the company will reply to this request within the time limits specified by laws and regulations (usually no later than one month, unless there is a specific request that requires a longer period of time to prepare a reply), and, if possible, will correct or delete the personal data.
An individual may obtain information about his or her personal data held by the group of companies or exercise other rights as a data subject in one of the following ways:
Upon receipt of the submission or application, the group of companies will assess its content and the possibility of identifying the individual and, depending on the situation, will retain the possibility of asking the person to identify himself further in order to ensure the security of his data and its disclosure to the individual concerned.
12. Transfer of personal data outside the European Union (EU) or European Economic Area (EEA) countries.
The group of companies ensures the storage of personal data within the EU and the territory of the EEA, but in certain circumstances personal data may be transferred for processing outside of the EU and EEA to ensure certain services. Any such transfer of personal data is subject to the requirements of the General Data Protection Regulation.
12.1. When sending personal data outside the EU and the EEA, the group of companies meet at least one of the following conditions:
VII. DATA PROCESSING COMPLAINTS
13. Complaints related to the processing of personal data
13.1. Regarding questions or objections concerning data processing performed by the group of companies, we invite you to contact: (+371 67 716 132, 9-7 Teatra street, Riga, LV–1050, firstname.lastname@example.org).
13.2. If an individual believes that the group of companies is unable to resolve the issue or problem and the individual's right to personal data protection has been violated, they have the right to file a complaint with the Data State Inspectorate. Samples of applications for the Data State Inspectorate and other related information can be found on the website of the Data State Inspectorate.