INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA BY SIA "ZEMGALES TEHNOLOĢISKAIS CENTRS" (GDPR)Please review the information below regarding how we, SIA Zemgales Tehnoloģiskais Centrs, process personal data. This includes the purpose, scope, protection measures, and duration of data processing..
Controller and Contact Information1. The controller of personal data processing is SIA Zemgales Tehnoloģiskais Centrs, registration No. 40003013740, legal address: Akadēmijas iela 19, Jelgava, LV-3001.
2. The contact information for questions related to personal data processing is: info@iztc.lv. Using this contact information or by visiting our legal address during business hours, you can ask questions about personal data processing.
Scope of the Document3. Personal data is any information about an identified or identifiable natural person. Personal data includes information such as: name, surname, personal code/ID, date of birth, passport No./ID number, address, phone number, email address, contact person's name, surname, email address, phone number for the client's legal entity, details of services received and orders made by the client, income information, as well as other data you have provided to us so we can deliver our services to you.
4. We apply these data processing procedures to ensure privacy and personal data protection regarding:
- Natural persons
- Clients
- Users of our directly and indirectly provided services (including potential, former, and current users), as well as third parties who, in connection with providing services to a natural person (client), receive or provide any information to us (including contacts, payers, etc.);;
- Visitors to our office, production facilities, and other premises, including those subject to video surveillance;
- Visitors to our maintained websites and mobile applications (hereinafter referred to as Clients).
5. We care about the privacy and protection of our Clients' personal data and respect their rights to the lawful processing of personal data in accordance with applicable laws - the Personal Data Protection Law, the European Parliament and Council Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Regulation), and other applicable laws in the field of privacy and data processing.
6. The data processing procedure applies to data processing regardless of the form and/or environment in which the Client provides personal data (on the website, mobile applications, in paper format, or by phone) and in which systems or paper format they are processed by the company.
7. Regarding specific types of data processing (e.g., cookie processing, etc.), additional specific rules may be established for the environment and purposes, of which the Client will be informed at the time they provide us with the relevant data.
Purposes of Personal Data Processing8. We process the received personal data for the following purposes:
- For providing services and selling goods:
- Client identification;
- Preparation and conclusion of contracts;
- Delivery of goods and provision of services (fulfillment of contractual obligations);
- Fulfillment of warranty obligations;
- Improvement of goods and services, development of new goods and services;
- Advertising and dissemination of services for commercial purposes;
- Customer service;
- Administration of settlements;
- Assessment of creditworthiness;
- Debt recovery and collection;
- Maintenance and improvement of websites and mobile applications.
- For business planning and analytics:
- Statistics and Business Analysis;
- Planning and Accounting;
- Market Research;
- Report Preparation;
- Providing information to state authorities and operational entities in accordance with external regulatory acts and within specified cases and scope..
The legal basis for the processing of personal data.9. We process personal data based on the following legal bases:
- For contract conclusion and execution - to conclude a contract and ensure its execution;
- For compliance with regulatory acts - to fulfill obligations stipulated in binding external regulatory acts;
- With the Client's consent - for example, to receive information, news, offers;
- In the legitimate interests - to realize existing obligations between us and the Client or legitimate interests arising from the contract or the law.
10. Our legitimate interests are:
- Conducting commercial activities;
- Providing services;
- Verifying the identity of the Client before entering into a contract;
- Ensuring the fulfillment of contractual obligations;
- Mitigating unjustified financial risks to our commercial activities (including conducting credit risk assessments before the sale of goods and services and during contract execution);
- Retaining Client applications and requests for the purchase of goods and services, other applications and requests, notes on them, including those made orally, by phone, or on websites;
- Analyzing the operation of our website, internet sites, and mobile applications, developing and implementing improvements;
- Taking actions to retain Clients;
- Segmenting the client database for more effective service provision;
- Developing and improving goods and services;
- Advertising our goods and services by sending commercial messages;
- Sending other messages about the progress of the contract and significant events related to contract performance, as well as conducting Client surveys on goods and services;
- Preventing fraud;
- Ensuring corporate governance, financial and business accounting, and analytics;
- Ensuring effective company management processes;
- Improving the efficiency of service provision, sale of goods, and delivery;
- Ensuring and improving the quality of services;
- Administering payments;
- Administering unpaid payments;
- Appealing to state authorities and operational entities and courts to protect our legal interests;
- Informing the public about our activities.
Processing of personal data11. We process Client data utilizing the capabilities of modern technology, taking into account existing privacy risks and the reasonable organizational, financial, and technical resources available to us.
12.To ensure the qualitative and efficient fulfillment of contractual obligations with the Client, we may authorize our partners to perform certain activities related to the delivery of goods or provision of services, such as delivery of goods, sending invoices, and similar tasks. If, in carrying out these tasks, our partners process Client personal data available to us, such partners are considered as data processors, and we have the right to provide our partners with the necessary Client personal data to the extent necessary for the performance of these activities.
13. Our partners (acting as data processors) will ensure compliance with the requirements for the processing and protection of personal data in accordance with legal requirements and regulations, and will not use personal data for purposes other than the fulfillment of contractual obligations with the Client as assigned to us.
Protection of personal data14. We make every effort to ensure the security of personal data by employing appropriate technical and organizational measures to prevent unauthorized access, alteration, disclosure, or unlawful use of personal data.
Categories of recipients of personal data15. We do not disclose Client's personal data or any information obtained during the provision of services and contract activities to third parties, including information about received services, except for:
- if the relevant third party needs to receive data within the framework of a concluded contract to perform a function necessary for the execution of the contract or delegated by law (for example, to a bank for payment purposes);
- with the clear and unambiguous consent of the Client;
- to persons provided for in external regulatory acts upon their reasoned request, in accordance with the procedure and scope specified in external regulatory acts;
- in cases specified in external regulatory acts for the protection of our legitimate interests, for example, by addressing a court or other state institutions against a person who has infringed upon these legitimate interests.
Retention period of personal data16. We store and process Client's personal data for as long as at least one of the following criteria is met:
- Only for the duration of the contract concluded with the Client;
- For as long as we or the Client can pursue our legitimate interests in accordance with external regulatory acts (for example, to submit objections or to assert or defend claims in court);
- For as long as there is a legal obligation for either party to retain the data;
- For as long as the Client's consent for the respective processing of personal data is valid, if there is no other lawful basis for data processing.
17. After the circumstances mentioned in point 16 cease to exist, the Client's personal data is deleted.
Access to personal data and other Client rights18. The Client has the right to receive the information provided for in regulatory enactments regarding the processing of his/her data and to verify the accuracy of his/her data and correct them.
19.The Client also has the right, in accordance with regulatory enactments, to request access to his/her personal data, as well as to request their supplementation, correction, or deletion, or to request restrictions on processing in relation to the Client, or the right to object to processing (including processing of personal data based on our legitimate interests), as well as the right to data portability. These rights are exercised to the extent that data processing does not result from our obligations imposed by applicable regulatory enactments and which are performed in the public interest.
20. The Client may submit a request to exercise his/her rights:
- In writing, in person at our office at the legal address, presenting a personal identification document;
- Electronically, by signing with a secure electronic signature.
21. Upon receiving the Client's request to exercise his/her rights, we verify the Client's identity, evaluate the request, and execute it in accordance with regulatory enactments.
22. We send the response to the Client by mail to the contact address provided by him/her in the letter or by considering the preferred method of receiving the response indicated by the Client.
23. We ensure compliance with data processing and protection requirements in accordance with regulatory enactments, and in case of objections from the Client, we take appropriate actions to resolve the objections. However, if unsuccessful, the Client has the right to address the supervisory authority - the Data State Inspectorate.
The Client's consent to data processing and the right to withdraw it24. The Client may provide consent to the processing of personal data, for which the legal basis is consent (for example, individually tailored advertising, etc.), through service application forms, on our or other websites (for example, newsletter subscription forms), in person, or by providing written consent at the time of contract signing.
25.The Client has the right to withdraw the consent to data processing at any time, in the same manner it was given or in any other convenient and unambiguous manner. In such case, further processing of data based on the previously given consent for the specific purpose will not be carried out.
26. The withdrawal of consent does not affect the processing of data carried out during the time when the Client's consent was valid.
27. Revoking consent does not interrupt the processing of data carried out on other legal bases.
Communication with the Client28. We communicate with the Client using the contact information provided by the Client (phone number, email address, postal address).
29. We communicate regarding the fulfillment of service contract obligations based on the concluded contract (for example, regarding the receipt and execution of services or goods orders, information about invoices and their payment terms, changes in services, etc.)..
Commercial notifications30. We communicate commercial notifications about our and/or third-party services and other unrelated notifications (such as customer surveys) in accordance with the regulatory enactments or with the Client's consent.
31. The Client may consent to receiving our and/or our partners' commercial notifications through service application forms, on our website (for example, newsletter subscription forms), in person, or by providing written consent at the time of contract signing.
32. The Client's consent to receiving commercial notifications is valid until revoked (even after the termination of the service contract). The Client may opt out of further receiving commercial notifications by any of the following methods:
- Sending an email to info@ztc.lv;
- In person at our office;
- Changing notification settings on their device;
- Using the automated option provided in the commercial notification to unsubscribe from further notifications by clicking on the unsubscribe link at the end of the respective commercial notification (email).
33. We cease sending commercial notifications as soon as the Client's request is processed. The processing of the request depends on technological capabilities, which may take up to three working days.
Website visits and cookie processing34. Our websites may use cookies. The rules for cookie processing are outlined separately.
35. Our website may contain links to third-party websites, which have their own terms of use and privacy policies, for which we are not responsible.
Other provisions36. We reserve the right to make additions to the personal data processing procedures, making the current version available to the Client by posting it on our website.
This privacy policy is effective from 01.01.2024 and will be reviewed as necessary.