Privacy Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we ensure particularly transparent and fair processing of personal data.

This privacy policy, hereinafter referred to as the Policy, describes the procedure in which SIA “AVAR AUTO”, hereinafter referred to as the Controller, processes natural persons’ data as their controller.

We as the personal data Controller comply with personal data processing principles during the process of data processing:

  • Lawfulness
  • Fairness
  • Transparency
  • Purpose limitation
  • Precision
  • Minimisation
  • Integrity and confidentiality
  • Storage limitation

Definitions:

Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Client – a legal or natural person who uses, has used, has expressed the wish to use any services provided by the Controller or is related to them in any other way.

Personal data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one which can be directly or indirectly identified, in particular by referring to an identifier, such as the name, surname, identification number, location data, online identifier of that person or one or more physical, physiological, genetic, mental, economic, cultural or social identity factors.

Data subject – an identified or identifiable natural person (data subject).

Purposes of personal data processing:

  • Entering into transactions and fulfilment of obligations.
  • The Controller’s financial accounts and personnel management.
  • Document storage in archive.
  • Ensuring the Controller’s security.
  • Fulfilment of other requirements laid down in the normative acts.

The Controller transfers the Client’s data to the following recipients of Personal data, if it does not contradict with the applicable normative acts:

  • To persons related to the functioning of the Controller’s company and business development, including but not limited to providers of data storage services, providers of IT services, security companies, banks, etc. if there is a justified necessity.
  • To law enforcement authorities or other third parties if it is deemed necessary in accordance with the applicable normative acts.
  • In some cases, the Controller may transfer Personal data to companies related to the Controller in the European Union and in the European Economic Area for its business.

Scope, term of personal data processing, and data storage

The Client’s Personal data shall be processed in the scope which is necessary and which complies with the set purposes of personal data processing, with regard to the requirements of the valid normative acts.

The Controller will store the Clients’ Personal data within the period laid down in the normative acts, as well as until the purposes of the Personal data processing are fulfilled.

In all types of data processing carried out by the Controller, the data shall be obtained from the Client. The Controller processes the obtained information in a fair and lawful way and it is only used for the implementation of the objectives laid down in this privacy policy and the information submitted by the Client will never be used for other objectives not related to this privacy policy.

Confidentiality and data security

Confidentiality is very important to the Controller therefore the appropriate technological and organisational measures are applied in order to secure the personal data submitted by Clients.

The Controller’s security procedures and regulations are in compliance with the valid external normative acts which regulate personal data security.

All of the Controller’s employees are trained and they comply with the requirements of confidentiality, security and personal data protection.

Access to the Clients’ data is granted only to authorised Controller’s employees, in individual cases to the Controller’s cooperation partners on a contract basis.

The Controller will react to all objections of the Clients regarding data processing and will carry out all measures in order to resolve the Clients’ objections.

The Client has the right to approach the supervisory authority Data State Inspectorate with a complaint about the processing of the Client’s data, contact information: Riga, Blaumana street 11/13-15, Tel.: 67223131, E-mail: info@dvi.gov.lv.

Rights of data subjects

In accordance with the valid normative acts which regulate personal data protection, data subjects have the following rights:

  • the right to limit personal data processing
  • the right to withdraw the consent to carry out personal data processing
  • the right to access personal data
  • the right to correct or delete the Clients’ personal data from Controller’s systems

unless the Controller has legal grounds to continue the Clients’ personal data processing.

If a data subject informs the Controller about it’s wish to use one of these rights, then the Controller will respond to this request within a month after receiving the request.

A data subject may contact the Controller to obtain information about the personal data about the data subject available to the Controller, or to approve or correct the data. Clients have the right to request the erasure of personal data available to the Controller, unless this request contradicts the legislation valid in the Republic of Latvia.

A data subject (Client) may make corrections to the submitted data at any time. In such case, the Client shall contact the Controller via telephone 22337875 or send a letter to the Controller’s registered address: “Gatves”, Jaunmarupe, Marupe Region, LV-2166, Riga or by sending an e-mail to the e-mail address: aija.matulena@man.lv