Data controller and its contact information:
SIA “Composite PRO”
Office contact information: Priedaines iela 19, Piņķi, Babītes pag., Mārupes nov., LV-2107
Tel. +371 28 044 944
You can always contact us by e-mail: firstname.lastname@example.org
SIA “Composite PRO” is responsible for the processing of personal data in the company based on the legal basis and purposes set out in this policy, for example, but not limited to – to fulfill the legal (or legal) requirements:
- for marketing;
- for the provision and use of services, financial and other administrative and business management;
- for customer and supplier relationship management;
- for the analysis and development of goods, services, customer and supplier relations, and business.
- natural persons – customers, employees, and other cooperation partners (including potential, former and existing ones), as well as third parties who, through mutual cooperation with SIA “Composite PRO” receive or transfer to SIA “Composite PRO” any information (including contact persons, signatory persons, etc.);
- for visitors to the office and other premises of SIA “Composite PRO”, including those for which video surveillance is carried out;
- for visitors to the website and social media pages maintained by SIA “Composite PRO”;
- SIA “Composite PRO” takes care of Clients’ privacy and personal data protection, and respects Clients’ rights to the legality of personal data processing in accordance with the applicable legislation – the Law on the Protection of Personal Data, the Regulation of the European Parliament and the Council of April 27, 2016/ 679 on the protection of natural persons in relation to the processing of personal data and the free circulation of such data (Regulation) and other applicable legislation in the field of privacy and data processing.
- Regarding specific types of data processing (for example, cookie processing, etc.), environment, purposes, additional, specific rules may be established, which the person is informed about when providing relevant data to SIA “Composite PRO”.
Legal basis for data processing of personal (data subject) data:
- The data subject has given his consent to the processing of his personal data for one or more specific purposes.
- Data processing is necessary for the performance of a contract, the contracting party of which is the data subject, or for the performance of measures at the request of the data subject before the conclusion of the contract.
- Data processing is necessary to fulfill a legal obligation attributable to the controller.
- Data processing is necessary to meet the legitimate interests of the controller or a third party, except if the interests of the data subject or the fundamental rights and freedoms that require the protection of personal data are more important than such interests, especially if the data subject is a child.
- Information received from the data subject before cooperation, contract conclusion, for example, information or offer requests, informational materials or order requests, etc.
- Legitimate interest in direct marketing.
- Ensuring compliance with the requirements of regulatory acts when conducting business.
Personal data is processed for the following purposes:
creation, management, and development of the accounting system of customer relations and customers (their signatory persons, representatives);
- marketing, offering, mediation, provision, and performance of various services;
- services performed by the data controller himself or by offering the services of cooperation partners;
- assessing the creditworthiness of cooperation partners, and clients and invoicing, monitoring, and collecting payments (their signatories, representatives);
- communication with the client, and cooperation partners, including customer and supplier feedback and satisfaction surveys;
- timekeeping system for data processing;
- developing goods, services, and business;
- detection, prevention, and investigation of fraud and other criminal offenses;
- performing analysis and statistics to achieve the aforementioned goals.
Consent of the data subject, in cases where it is necessary:
- to find the data subject;
- to allow the employee to use his personal (electronic) means of communication, such as mobile phones;
- to determine the benefits or benefits due to the data subject;
- for other purposes specified in laws and regulations;
- the consent of the data subject to the processing of personal data, the legal basis of which is consent, can be given electronically, by mail, or in person;
- the data subject has the right at any time to withdraw the consent given to data processing in the same way as it was given, and in that case, further data processing based on the previously given consent for the specific purpose will not be carried out in the future;
- withdrawal of consent does not affect data processing carried out at the time when the Client’s consent was valid;
- withdrawal of consent cannot stop data processing carried out on the basis of other legal grounds.
Data subjects and categories of personal data:
- The data controller processes the data of its potential, current and previous customers, cooperation partners, and employees. For the purposes mentioned above in this policy, the following personal data is processed:
- basic information of the data subject, such as name, surname, personal code, customer identifier, year of birth, profession, residential address, e-mail address, telephone number, and preferred method of communication;
- marketing data; preferences and interests related to, for example, building types and their characteristics and locations; other interests and information provided by the data subject;
- accounting data of the client, cooperation partner, and employees, for example, the term of cooperation and the procedure for establishing and terminating the relationship; data on service contracts, orders, their suspension, and cancellation; customer feedback and complaints; communication with customers, cooperation partners, and marketing research; other communications; data on payments and creditworthiness;
- personal codes are processed only for purposes permitted by law if it is important to identify the data subject.
Regular sources of information:
- Personal data is collected directly from the data subject when the data subject registers or uses the service; send your own or contact information or make a request for any information; shows interest in cooperation; places an order; concludes a contract; participates in events or otherwise communicates with the data controller in person, by phone or digitally.
- Personal data can also be received from the direct employer of the data subject, in the case of the electronic timekeeping system of its representative, and also when submitting a list of employees at the construction site, based on Cabinet of Minister’s regulations no. 92.
- Personal data may also be collected and updated through the company, etc. websites, open and closed companies and business registers, public authorities, postal operators, public telephone lists, direct marketing, other data intermediaries, and other similar public and private registers.
Disclosure and transfer of data:
- The data controller may disclose personal data to other companies whose services the data controller uses and enables to use for its employees or those of cooperation partners, for example in the case of using an electronic timekeeping system.
- The data is not disclosed to other persons, except when it is necessary for accordance with the legal or contractual obligations of the data controller, as well as after the requests of the controlling authorities.
Data protection and storage:
- Access to personal data is allowed only to those persons who need data processing as part of their work or other duties. Digital data is protected by passwords and other technical means. All data is protected by physical means of access control.
- After the end of the customer relationship, personal data is stored as long as the contractual and legal rights and obligations are valid, as well as until the end of the retention and liability periods, in accordance with, for example, the Law on Archives, the Law “On Taxes and Fees”, the Law on Construction, the Consumer the law on the protection of rights, the law “On accounting”, the Civil Law and the Civil Procedure Law.
- After the end of the relationship between clients and cooperation partners, the Data Controller can save anonymized data, as well as the aforementioned basic information (except for the personal code) and the data subject’s marketing data for direct marketing purposes.
Data subject access, data correction, and other rights:
- Data subjects have the right to know what type of personal data about a specific subject has been collected and processed by the data controller. At the request of the data subject, we will correct, delete or supplement any incorrect, unnecessary, incomplete, or outdated personal data.
- Data subjects have the right to prohibit the use of data for direct advertising and other forms of direct marketing, as well as to prohibit the use of data in questionnaires and market research.
- Data subjects can also withdraw the consent they have given, object to data processing, or limit their processing in the cases specified by law, and they also have the right to file a complaint with a supervisory authority.
- Requests can be submitted using the contacts indicated in section 1. The data controller may need to ask for additional information to confirm the identity of the data subject. The data controller can ask the data subject to clarify, including extending, the deadline for data processing, including the termination of processing.
Principles of data protection organization:
- Data protection organizations, security policies, and other binding documents are reviewed at least once a year.
- The costs of limiting data security risks and ensuring continuous operation are commensurate with the possible losses that could occur in the event of these risks.
- The manager facilitates the data subject’s understanding of the obligations to ensure the protection of information systems, necessarily introducing the data subject to the security policy and other binding developed documents.
- The manager informs the data subject about data processing security events and incidents that may threaten the data subject’s personal data security within 72 hours of the detection of the incident.