SIA “SAFE GROUP” privacy policy on terms of natural personal data processing and protection
This SIA “SAFE GROUP”, registration No. 40103242413, legal address: “Mārtiņmuiža”, Mārupes nov., LV-2167, Latvia, e-mail address: info@safegroup.lv (hereinafter – SAFE GROUP) policy on terms of natural personal data processing and protection (hereinafter – the Policy) includes a procedure that SAFE GROUP as a controller uses to process the natural personal data when the data comes into possession of SAFE GROUP according to procedure provided in regulatory acts/contracts.
The goal of the policy is to inform the natural person – the data subject – about the purpose, aim, legal basis and protection, etc. terms of the personal data processing that are used when processing the personal data the subject in a lawful, fair and transparent manner.
1. Definitions
1.1. Personal data – any information that, if used, can directly or indirectly identify a specific living natural person (“the data subject”).
1.2. Personal data processing – any activity or set of activities carried out with the Personal data or their sets including, but not limited to collection with specific and clear aim, and data organisation, structuring, viewing, usage, transforming, sending, disclosure, storage, harmonisation, modification, restriction, deletion and destruction, etc.
1.3. Employee for the purpose of this document is a natural person that has employment relationship with SAFE GROUP, including the relationships according to a labour contract, company contract, royalty agreement.
2. Personal data controller and its contact information
SIA “SAFE GROUP”
Registration No. 40103242413
Office contact information: “Mārtiņmuiža”, Mārupes nov., LV-2167, Latvia
Telephone No. +371 26178151
E-mail address info@safegroup.lv
Only place of business for SAFE GROUP is in Latvia.
In case of questions, suggestions or complaints in relation to the manner how SAFE GROUP processes the Personal data, please consult the contact person (in writing):
Elīna Nisinena
Address: “Mārtiņmuiža”, Mārupes nov., LV-2167, Latvia
E-mail address elina.nissinen@safegroup.lv
When contacting the data subject, SAFE GROUP and its responsible person use only the contact information specified in an application and/or a request of the data subject.
3. Policy application
3.1. By transferring their Personal data to SAFE GROUP including the documents, the data subject agrees with the terms of the Policy.
3.2. The Policy is applied in relation to natural persons including, but not limited to former, current, potential Employees, clients, cooperation partners, visitors of SAFE GROUP website and social media platforms and other third persons that receive or transfer any information to SAFE GROUP regardless of the format and/or manner it is transferred in (electronically, in paper format, by phone, in oral form, on the website, social media platforms).
(with add-on that made by SIA “SAFE GROUP” 11.02.2019. order No. RI/11022019, effective as of 11.02.2019.)
3.3. SAFE GROUP complies with the right to privacy, the lawfulness of data processing of the Personal data in accordance to the applicable legal acts: Personal Data Processing Law, Directive (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and other applicable legal acts on processing and privacy of Personal data.
3.4. Additional terms can be set for the purposes regarding the specific data processing types (for example, cookie processing) of which the data subject will be made aware of when submitting the specific data to SAFE GROUP.
4. Legal basis of personal data processing
4.1. The data subject has given consent to the processing of the Personal data for one or several purposes, including to publicly inform the society about what is happening at SAFE GROUP and its current events in line the aims of the Policy.
4.2. The processing of the Personal data is necessary to execute a contract to which the data subject is a party, or to perform services after a request of the data subject before the conclusion of a contract (including establishment of working relations, identification of the person by a identity document before the establishment of employment relationships, to obtain and process information necessary to perform the obligations under the contract or professional duties (e.g. bank account details, Employee identity card, etc. staff documents)), or for requests of information or delivery to draw up a transaction of product or service purchase, to provide services and to use them, as well as to organise other forms of cooperation.
4.3. Personal data processing is necessary to carry out a legal obligation that SAFE GROUP is subjected to as a controller (data processing complies with the requirements of the regulatory acts), for example, pertaining processing of special categories of data if it is applicable, the payment of a salary, or regulated by regulatory acts and reports of the Central Statistical Bureau, the Personal data processing, to grand the holidays that are provided under the legal acts and to provide the mandatory health examinations.
4.4. Personal data processing is necessary to comply with the legitimate interests of SAFE GROUP or a third person, except where the interests or basic rights, or fundamental freedoms of the data subject who needs a Personal data protection are more important than these interests especially if the data subject is a child. For example, SAFE GROUP internal communication and performance of its elements, including within the group of companies of SENSUM GRUPA and UGN, management of the organisational entrepreneurship (analysis of clients, products, services), provision of personal resources, provision of effectiveness personnel and their management process, provision of corporate culture (organisation of corporate events and other activities related to cohesion), audits and provision of regular checks are considered as these interests.
5. Purposes and aims of the personal data processing
5.1. Personal data processing is carried out according to the consent (electronic, written, oral) of the data subject or the contractual obligations.
5.2. Registration of accounting, personnel, working hours, and processing and administration of the specific data.
5.3. State and municipality information systems that contain Personal data that is available to the public.
5.4. To execute the legal obligation of SAFE GROUP, including the aim of archiving according to the Archives Law.
5.5. Service marketing, including construction services that are carried out by SAFE GROUP and their provision, offer, products, services and development of the business.
5.6. Provision of SAFE GROUP legitimate interests.
5.7. Establishment and management of relationships with the clients, cooperation partners, including communication with clients, cooperation partners, their research, as well as management of their representatives and persons with signatory power, invoicing, supervision and charging of payments (their representatives and persons with signatory power).
5.8. Detection, prevention and investigation of fraud and other criminal offences.
5.9. Other aims provided in legal acts.
6. Categories of data subjects and the Personal data
6.1. Basic information of the data subject, e.g. forename, surname, data of birth, personal identity no., gender, personal signature and photograph.
6.2. Contact information of the data subject, e.g. telephone no., address of residence, e-mail address, preferred manner of communication and language.
6.3. Professional data of the data subject, e.g. education (including informal education), profession, former and current place of work, qualification, additional skills (including language skills), membership of organisation, additional education or courses.
6.4. Family data of the data subject, e.g. about birth of a child.
6.5. Financial data of the data subject e.g. bank account and ownership.
6.6. Other information about the data subject (e.g. data in the context of insurance services, data submitted by a direct employer about the employees in a construction site).
6.7. Recorded data of a client, cooperation partner, Employee, e.g. data on contracts, orders, communication with clients, cooperation partners, data of invoices, payments, data obtained from websites or received from public, private registers or third parties, from public lists of telephone subscribers etc.
6.8. Data that has been obtained from investigating authorities, sworn notaries, tax administrations, courts and sworn bailiffs.
6.9. Personal identity no. are processed only for purposes laid down in the law if it is necessary to identify the data subject, e.g. for use of electronic working time control system and in cases of entering into the construction site.
6.10. Written requests/comments posted in written form on the SAFE GROUP website, Personal data, data about social media usage (SAFE GROUP website includes function “Share” of the Facebook and Twitter social media platforms) and other information that is obtained using cookies. SAFE GROUP cookie policy is available on SAFE GROUP website – https://safegroup.lv/en/cookies-2.
(with add-on that made by SIA “SAFE GROUP” 11.02.2019. order No. RI/11022019, effective as of 11.02.2019.)
7. Disclosure, transfer and transmission of the Personal data
7.1. SAFE GROUP can disclose the Personal data to other companies (including outsourcing providers) whose services SAFE GROUP uses and enables the cooperation partners or employees of the cooperation partners to make use of, e.g. in case of the electronic working time control system, to draw up an authorisation for SAFE GROUP, insofar as is necessary to provide the specific service and contractual obligations, and to maintain the corporate style (business cards, seals of the company). The other companies that are referred in this paragraph must comply with the guidelines of SAFE GROUP and the Policy, as well as requirements of the regulatory acts with regard to the processing and protection of personal data.
7.2. The Personal data is not disclosed to other persons without legal basis for such disclosure. They can be transferred to, e.g. Personal data protection supervisory authority, sworn bailiffs, law enforcement authorities, commercial register, other registers or other state institutions according to the procedure established in regulatory acts.
7.3. Personal data can be disclosed to specific employees of SAFE GROUP within personnel management in performing functions and fulfilling requirements laid out in the regulatory acts regarding employment or following other organisational considerations in relation to execution of commercial activities, or provision of organisation and work processes and everyday activities. Access to personal data is allowed for those employees of SAFE GROUP who need to carry out personal data processing in order to carry out their work or other responsibilities and assignments.
7.4. Personal data can be transferred to other company within the group of companies of SENSUM GRUPA and UGN for the processing of data for internal administrative purposes.
7.5. Personal data is not transmitted outside of the European Union (hereinafter – EU) or the European Economic Area (hereinafter – EEA). However if it is necessary to transmit the data outside the EU or EEA, SAFE GROUP ensures that the particular country to which the data will be transmitted to will be approved by the European Commission as a country with appropriate level of privacy protection or SAFE GROUP will use standard contract provisions approved by the European Commission.
8. Personal data protection and storage
8.1. Personal data in the electronic environment is protected by passwords and other technical means. Personal data is stored in locked rooms/filing cabinets.
8.2. Personal data is collected and processed for above mentioned aims and purposes only as long as it is necessary to achieve the aims and purposes or in line with timingrestrictions set by the regulatory acts. Storage period can be justified by the legal basis referred to in the paragraph 4 of the Policy. After the end of the usage term the Personal data is deleted or anonymised, if it is possible, or archived.
8.3. After the end of the relationships with clients, cooperation partners, Employees, the personal data is stored as long as contractual or legal rights or obligations are valid, as well as until the end the storage and liability period according to the regulatory acts, for example, Archives Law, law On Taxes and Duties, Construction Law, Labour Law etc.
8.4. After the end of relationships with clients and cooperation partners, SAFE GROUP may store anonymised data and the personal data of the data subject for purposes of marketing.
8.5. SAFE GROUP periodically (at least once a year) reviews the Policy, the Personal data at its disposal, and, if necessary, draws up other binding documents, as well as informs the Employees about them, if necessary it carries out their training.
8.6. SAFE GROUP provides confidentiality on the Personal data within the pertaining regulatory acts applying technical and organisational means for protection against unauthorised access to the Personal data, its unlawful procession or disclosure etc. factors.
8.7. SAFE GROUP will inform the supervisory authority about Personal data breach without undue delay and, if possible, no later than within 72 hours starting from the moment when the a breach of personal data protection was committed and SAFE GROUP was made aware of it, except when SAFE GROUP can demonstrate that the personal data protection breach is not likely to cause a risk to rights and freedoms of natural persons according to the principle of accountability.
9. Personal data rectification, deletion, withdrawal of the consent and other rights
9.1. The data subject has a right to know what kind of Personal data on this particular subject SAFE GROUP has at its disposal. The data subject has a right to request, in writing, access to Personal data about it, and request that SAFE GROUP rectifies, supplements or deletes any wrong, unnecessary, incomplete or old Personal data.
9.2. The data subject has a right to deny the use of its data for direct advertising and other direct marketing types, as well as to deny the use of data in questionnaires or market research.
9.3. The data subject may withdraw its consent for the personal data processing in the same way it was given, it may object to the Personal data processing or limit the procession in cases provided by the regulatory acts. This right is not valid if the Personal data that is requested to be deleted is being processed regarding other legal basis, for example, obligations arising from of contracts or respective regulatory acts. Withdrawal of the consent does not effect the Personal data processing that was done when the consent of the data subject was valid.
9.4. SAFE GROUP Employee or any other person whose data has been processed by SAFE GROUP has a right to submit a complaint against SAFE GROUP to the supervisory authority – the Data State Inspectorate (www.dvi.gov.lv) – for the personal data processing that was done, if the person believes that the personal data procession breaches its rights and interests according to the applicable regulatory acts.
9.5. A data subject can submit a request using the contact information specified in paragraph 2 of the Policy. SAFE GROUP representative might ask for additional information to confirm the identity of the data subject. SAFE GROUP might ask the data subject to specify and also to extend the term of data processing and cancellation of processing.
9.6. The data subject has a right not to be subjected to automated decision making, including profiling, if there is legal consequences for such decision making. This right is not valid if it is necessary to reach a decision in order to conclude or to execute a contract, or the decision making is allowed according to applicable regulatory acts or the data subject has given an explicit consent.
10. Other terms
10.1. SAFE GROUP has a right to unilaterally amend and supplement the Policy according to the applicable regulatory acts.
10.2. The Policy comes into force on 25.05.2018.