SIA Spikeru Nami Privacy Policy,

developed according to requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

 

Curator and its contact information

Curator of processing of personal data is SIA Spikeru Nami (hereinafter referred to as the Company), unified registration No 40103620621, registered office: 1 Katlakalna Iela, Rīga, LV-1073.

Company’s contact information in matters related to processing of personal data is info@spikerunami.lv.

By using this contact information or addressing the Company at the registered office, you can ask questions on processing of personal data. Request on use of your rights can be submitted according to the procedure provided herein.

 

Privacy Policy application

Personal data is any information on identified or identifiable natural person – Data Subject, i. e., Company’s employee, customer, cooperation partner or its employee, job applicant.

Identifiable natural person (data subject) is a person that can be directly or indirectly identified, especially by referring to an identifier, e. g., the mentioned person’s name, surname, identification number, location data, online identifier or one or more physical, physiological, genetic, mental, economical, cultural or social identity factors characteristic of the mentioned natural person;

Privacy policy is applied for provision of privacy and protection of personal data in respect of:

  • natural persons – employees, customers and other users of the Company’s provided services (including potential, former and existing), as well as third parties, who, in relation to provision of services to the natural person (customer, user), receives or submits to the Company any information (including contact persons, payers, etc.);
  • visitors to the Company’s offices and other premises, including in respect of whom video surveillance is performed;
  • visitors to the Company’s maintained websites.

Company cares for privacy and protection of personal data of customers and cooperation partners, observes customers’ rights to lawfulness of processing of personal data according to applicable legal acts – laws of the Republic of Latvia and subordinated legal acts, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation) and other applicable legal acts in the field of privacy and data processing.

Privacy policy is applicable to data protection regardless of in what form and/or environment customer provides personal data (at the Company’s website, mobile applications, in paper format or electronically) and in what systems of the company or in paper form they are processed.

 

Purposes of processing of personal data

Company processes personal data for the following purposes:

  • Provision of services;
  • Business planning and analytics;
  • Provision of information to public administration institutions and operative activity subjects in cases and in scopes provided for in external normative acts;
  • Within the scope of video surveillance for prevention or detection of the Company’s criminal acts in relation to property protection, to fight preventively criminal acts and administrative violations;
  • In other specific purposes, for which Customer is informed at the time, when he provides respective data to the Company.

 

Legal basis of processing of personal data

Company processes personal data of its employees, customers and cooperation partners, based on the following legal bases:

  • conclusion and fulfilment of contracts (Employment Contract);
  • observance of laws – to fulfil lawful duties binding upon the Company;
  • Consent of data subject is any freely provided, specific, intentional and unequivocal reference to desires of the data subject, by which he in from of a notice or clearly confirming activity provides consent to processing of his personal data

 

Processing of personal data

Processing of personal data is any activity or an aggregate of activities with personal data or an aggregate of personal data performed with or without automated means, e. g., collection, registration, organizing, structuring, storage, adaptation or transformation, recovery, examination, use, disclosure by sending, distributing or otherwise making available, coordination or combination, restriction, deletion or destruction.

Company performs processing of personal data of the data subject, strictly observing Data processing basic principles specified in Sec. 5 of the Regulation.

Company processes data of the data subject using both automated means and possibilities of modern technologies (electronic registers, websites) and without them, taking into account existing privacy risks and organizational, financial and technical resources reasonably available to the Company.

For high-quality and operative provision for performance of obligations under the contract concluded with the customer, Company may authorize Company group companies or its cooperation partners to perform individual goods delivery or service provision activities, e. g., performance of goods delivery works, performance of warranty service works, sending of invoices, etc.. If in performance of these tasks Company group companies or its cooperation partners process the customer’s personal data at the Company’s disposal, respective Company group companies or its cooperation partners are considered the Company’s data processing processors and the Company is entitled to submit the customer’s personal data to the Company group companies or its cooperation partners for performance of such works in such amount as is necessary for performance of these works.

Company’s cooperation partners and Company group companies (in the status of personal data processor) will provide for fulfilment of requirements of processing and protection of the data subject according to the Company’s references and legal acts, and will not use personal data for other purposes besides for fulfilment of obligations under the contract concluded with the customer at the Company’s task.

 

Protection of personal data

Company protects the Data Subject’s data by using possibilities of modern technologies, taking into account the existing privacy risks and organizational, financial and technical resources reasonably available to the Company, including by using the following safety measures:

  • Data pseudonymization;
  • Penetration protection and detection software;
  • Other protection measures according to the actual possibilities of hardware development.

Besides, Company is entitled to forbid to employees, cooperation partners and customers to process the Data Subject’s data without its special appointment.

 

Categories of personal data receivers

Company does not disclose to the third parties the customer’s personal data or any information obtained during provision of services and operation of contracts, except:

  • if respective third party must submit data within the scope of concluded contracts, in order to perform any function necessary for fulfilment of the contract or delegated by law;
  • according to the customer’s clear and unmistakable consent;
  • to persons provided for by external normative acts by their justified request according to procedure and in scope provided for by external normative acts;
  • in cases provided for by external normative acts to the Company for protection of legal interests, e. g., when addressing the court or other public institutions against the person who violated legal interests of this Company.

 

Access of subject of the third countries to personal data

Company’s personal data cannot be accessed in the third countries (i. e., in countries outside of the European Union and the European Economic Area) by existing developers or service providers (for the purpose of the Regulation – sending to the third countries) in the status of data processor (operator).

 

Length of storage of personal data

Company stores and processes personal data of employees, customers (also potential employees or customers, partners), until at least one of the following criteria exists:

  • only until the contract concluded with the customer is valid;
  • until the Company or the customer can realize their legitimate interests according to procedure provided for by external normative acts (e. g., submit objections or file actions to court);
  • until exists legal duty of any of the parties to store data;
  • until the customer’s consent to respective processing of personal data is valid, unless any other legal basis for data processing exists.

When all mentioned conditions expire, personal data are deleted.

 

Access to personal data and other Data Subject’s rights

Data Subject is entitled to receive from the Company confirmation of whether personal data are or are not processes in respect of the Data Subject, and if they are, Data Subject is entitled to access respective data and receive about them information mentioned in Sec. 15 of the Regulation, i. e., is entitled to request access to his personal data, as well as to request to supplement, correct or delete them, or to restrict processing in respect of the customer, or is entitled to object to processing (including against data processing performed based on the Company’s lawful (legitimate) interests), as well as is entitled to data portability. These rights are realized, unless data processing results from the Company’s duties according to the valid normative acts, which are performed in public interests.

Data Subject may submit the request on use of his rights:

  • in written in person in the Company’s office, producing personal identity document;
  • in form of electronic mail, signing with a secure electronic signature;

Having received the Data Subject’s request on use of his rights, Company ascertains the Data Subject’s identity, evaluates the request and fulfils it according to normative acts.

Company sends a response to the Data Subject by post to his specified contact address in a recorded letter, taking into account the Data Subject’s specified form of receipt of a response, if possible.

Company provides fulfilment of data processing and protection requirements according to normative acts, and in case of the Data Subject’s objections performs suitable activities to resolve the objection. However, if it fails, Data Subject is entitled to address the supervising institution – State Data Inspectorate, filing the respective complaint to it.

 

Communication with customers

Company performs communication with customers by using customers’ specified contact information (phone number, e-mail address, postal address, as well as by using text messages from service).

Company performs communication on fulfilment of contractual obligations of services on the basis of the concluded contract (e. g., information on invoices, planned works, changes in services, etc.).

 

Commercial notices

Company performs communication on commercial notices on services of the Company and/or the third parties according to the external normative acts or the customer’s consent.

Consent to receipt of commercial notices of the Company and/or its cooperation partners may be given by the Customer to the Company by sending it to the Company’s e-mail info@spikerunami.lv.

Customer’s given consent to receipt of commercial notices is valid until revocation (also after termination of the services contract). Customer may at any time refuse to receive further commercial notices in any of the following ways:

  • sending to the e-mail address info@spikerunami.lv;
  • in person in the Company’s office.

Company terminates sending of commercial notices as soon as the customer’s request to revoke the consent to commercial notices is processed.

 

Other provisions

Company is entitled to supplement the Privacy Policy, taking into account recommendations of the State Data Inspectorate, when the Company’s commercial activities change, placing its updated version ion the Company’s website.