1. Controller of Personal Data Processing
1.1. Controller of personal data processing is SIA “Nortrade”, reg. No. 50103320141, registered address: Anniņmuižas bulvāris 38-78, Riga, LV-1067, telephone: 29420423, e-mail: evija@nortrade.lv, website: https://nortrade.lv/en
2. Processor of Personal Data:
2.1. SIA “Nortrade”, reg. No. 50103320141, registered address: Anniņmuižas bulvāris 38-78, Riga, LV-1067, shall process personal data of recipient of the service (hereinafter referred to as – the Customer (existing or prospective recipient of services from SIA “Nortrade”.)) and other persons in the scope and manner required and permissible according to regulatory acts of the Republic of Latvia and the European Union, taking into consideration the directions received from the controllers of data processing, and take the appropriate technical and organizational data protection measures. Data of the Customer may also be collected and processed by other processors of personal data related to SIA “Nortrade” and the authorized processors of personal data.
3. Applicable Legal Acts:
3.1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the General Data Protection Regulation);
3.2. The Personal Data Processing Law;
3.3. The Archives Law;
3.4. The Accounting Law;
3.5. The Electronic Documents Law;
3.6. Etc.
4. What does the Privacy Policy mean?
4.1. The Privacy Policy (hereinafter referred to as the Policy) provides information about how is SIA “Nortrade” collecting, processing, storing, sharing, deleting and protecting personal data of the Customer and other persons to ensure that personal data of the Customer are processed in a legitimate, fair and transparent manner. The Policy applies to personal data of the Customer, processing of any personal data, and the service provided to the Customer.
4.2. Whenever this Policy is updated by SIA ”Nortrade”, all and any changes will be published by SIA ”Nortrade” on their website https://nortrade.lv/en, section “Privacy Policy”.
4.3. SIA “Nortrade” shall process the data collected from the provision of services to provide better and more appropriate products and services to the Customer and to provide, maintain, protect and upgrade the existing services.
5. What personal data are processed by SIA “Nortrade”, and what are the purposes of processing of the Customer’s personal data.
5.1. Categories of personal data processed by SIA “Nortrade” depend on the services used by the Customer.
PURPOSE OF DATA PROCESSING |
DATA SUBJECTS |
PERSONAL DATA |
LEGAL GROUNDS |
TIME OF STORAGE (CRITERIA) |
To contact a Customer who seeks employment; to propose positions potentially interesting for the Customer in question, and to make an interview appointment. |
Potential Customers |
Personal data provided online and publicly available from personnel selection databases or otherwise provided by the Person (such as e-mail, gender, year of birth, expected date of interview, language knowledge, name, surname, telephone No., preferred salary, changes in status, vacancy announcement, CV, passport data, ID, personal properties, qualifications, certificates, skills. |
Processing is required to serve legitimate interests of the Controller, unless the interests and fundamental rights and freedoms of the data subject to which the protection of personal data applies overweigh such interests. The legitimate grounds then are provision of personalized services to the Customers and communication with them. The Controller is prepared to provide services to the Potential Customers (including but not limited to proposal of vacancies, invitation to selection procedures, etc.), and this also necessary to enable the Controller to pursue their business activities. |
6 months |
To provide services to Persons – Customers, in particular to help in seeking employment, selection of the vacancy most appropriate to the Customer, proactive search of vacancies available from business partners of the Controller, and infoming about the vacant positions. |
Customers |
Processing will basically cover the Personal Data collected directly from Persons: name, surname, address, language knowledge, date of birth, previous employment, information on availability of a personal car, e-mail, sources from which the applicant has obtained information about available vacancies, qualifications, certificates, skills, mobile telephone No., personal photo, content of references, salary preferences, the position applied for, changes in status, previous job experience, restrictions, personal properties, passport data, ID, copy of medicinal certificate (where appropriate for the position), a personal identification document to confirm availability of electronic signature, feedback from previous employers. |
Processing is required for fulfillment of agreement with the Person, or for taking certain actions upon the Person’s request prior to the entering into agreement. |
2 years from entering Personal Data into the questionnaire, or 2 years from entering into employment agreement (regardless of whether or not the employment agreement is limited in time, if employment lasts less than 2 years, the period will be counted again from the date of entering into a new agreement). |
To inform about new services, business novelties, events, upgrading of the provided services, and similar information. |
Customers / Employees |
Processing will cover only the Personal Data necessary for communication with the Customer: name, surname, contact information (e-mail address and mobile telephone No.). |
The Customer consents to the processing of Personal Data for this specific purpose. |
During the operation of the existing agreement. In the event of processing of the Customers’ personal data the agreement between the Controller and the customer on the provision of services shall be considered valid for 2 years from filling in of the Customer’s questionnaire, 2 years from entering into employment agreement (regardless of whether or not the employment is limited in time), or at the Customer’s option for the period of employment plus 2 years from termination of employment relations (at their choice). |
To fulfill the employment agreement |
Employees / Administration staff |
Most of Personal Data are collected directly from the Customer, while certain personal data may be collected also from other sources (third parties): name, surname, address, language knowledge, date of birth, mandatory health certificate, CV, addresses, data of employment agreement, and data necessary for fulfillment of the employment agreement (including non-taxable amount, social insurance number, dates of annual leave, daye of termination, etc.), certificates, nationality, gender, telephone numbers, ID, personal ID, photo, position-relevant qualifications, salary preferences, sanitary record, signature, restrictions, domestic residence address, domestic residence permit, pension insurance, Personal Data of third parties (optional, provided that the Employee provides consent issued by such third party to the processing of their Personal Data): name, surname, personal number (ID) and bank account No. |
Processing is required for fulfillment of agreement with the Person, or for taking certain actions upon the Person’s request prior to the entering into agreement. |
According to the general principle during the validity of the employment agreement, provided however that some of the above-listed Customer data may be kept longer for the period of archival keeping prescribed by regulatory acts. |
Pre-contractual relations, for study of demand and for the purpose of exercising of the rights and obligations arising from the agreement. |
Potential Customers / Customers |
Personal data necessary for contact and communication in pre-contractual relations and during the validity of agreement: name, surname, job title, mobile telephone No., e-mail address, employer’s address, skype contact information, financial or banking information, signature, e-mail communication history, name of company. |
Legitimate interest: provision of personalized pre-contractual services and communication with the potential Customers. The Controller intends to provide services to the potential Customers (including but not limited to the offering of potential applicants for vacant positions), and also necessary for business activities of the Controller. |
3 years from the most recent contact with the potential customer or the potential supplier. If agreement is entered into – 10 years from termination of the agreement unless longer period is prescribed by regulatory acts that govern archival keeping. |
5.2. SIA “Nortrade” shall process personal data to ensure that services are provided to the Customer in a qualitative, timely and proper manner during the validity of contractual relations with SIA “Nortrade”:
5.2.1. for management (including remote management) of Customer relations to ensure the entering into and fulfillment of Agreements as well as implementation of the related processes;
5.2.2. for handling of Customer complaints and provision of support (including technical support) in relation to the provided services;
5.2.3. for effective management of cash flow including administration of the Customer’s payments and debts;
5.2.4. for video surveillance for the purpose of security of the property as well as human health and lives.
5.3. SIA “Nortrade” shall process personal data to promote development of the industry and offer new services to the Customers including:
5.3.1. development and offering of new services;
5.3.2. SIA “Nortrade” shall process statistical data of the customers for the purpose of conducting market analysis and development of business model.
5.4. SIA “Nortrade” shall process personal data to develop and maintain the internal processes of SIA “Nortrade”, ensure circulation of documents and other internal processes (such as archiving of agreements and other documents) insofar relevant and adequate for that purpose.
6. What are the grounds of processing of the Customer’s personal data?
6.1. The Customer’s consent: The Customer as the subject of personal data consents to the collecting of personal data and to their processing for certain purposes. The Customer’s consent to the purposes of direct marketing for the making of new and tailored offers shall apply to the activities of SIA “Nortrade” from the effective date of the General Data Protection Regulation. The Customer’s consent is their free choice and independent decision that may be made at any time thus authorizing SIA “Nortrade” to process personal data for certain purposes. The consent shall be binding upon the Customer if made in verbal (in telephone conversation after identification of the Customer) or written form by filling in the form at the SIA “Nortrade” office, or upon electronic request after identification of the Customer. The Customer shall be entitled to revoke the earlier made consent at any time via the communications channels determined for communication with SIA “Nortrade”. The notified changes shall come into effect within three business days from receipt of the application. Revocation of consent shall have no effect on the legitimacy of processing based on consent prior to revocation.
6.2. Entering into and fulfillment of agreement: SIA “Nortrade” has to pool and process certain personal data collected prior to the entering into or during the operation of agreement with SIA “Nortrade” in order to enter into and fulfil agreement with the Customer by qualitative provision of services and servicing of the Customer.
6.3. Legitimate interests of SIA “Nortrade”: taking into consideration the interests of SIA “Nortrade” based on provision of qualitative services and timely support to the Customer, SIA “Nortrade” has the right to process personal data of the Customer to the extent objectively necessary and adequate for the purposes specified in this Policy. Legitimate interests of SIA “Nortrade” cover the processing of personal data in the provision of direct services.
6.4. Fulfillment of legal obligations: SIA “Nortrade” has the right to process personal data to ensure compliance with the requirements of regulatory acts and to respond to lawful requests of governmental and municipal authorities.
6.5. Protection of vital interests: SIA “Nortrade” has the right to process personal data in order to protect vital interests of the Customer or another natural entity, for example, where processing is required for humanitarian purposes, monitoring of the situations arising from natural calamities or human actions, in particular epidemics and the spread thereof, or in the situations of humanitarian emergency (acts of terrorism, situations of technogenic catastrophes, etc.).
6.6. Exercising of the official authority or public interests: SIA “Nortrade” has the right to process data for the purpose of a task performed to serve public interest or to exercise official authority lawfully granted to SIA “Nortrade”. If this is the case, grounds for the processing of personal data are stipulated in regulatory acts.
7. Is the Customer entitled to limit the processing of their data?
7.1. A Customer has the right to object to the processing of their personal data or unsubscribe from receipt of commercial notifications at any time by notice to SIA “Nortrade” in verbal form (in a telephone conversation after identification of the Customer) or in writing by filling in the form at the office of SIA “Nortrade”, or send to the specified e-mail address an electronic request signed with a secure electronic signature. The notified changes shall come into effect within three business days, and they can be applied to all or part of the data provided by the Customer (at the Customer’s option, except the data the omission of which would make it impossible to meet the contractual obligations). The changes shall have no effect on validity of the processing of personal data prior to receipt of the Customer’s objections and/or revocation specified above in this Paragraph.
8. How does SIA “Nortrade” collect personal data of the Customer?
8.1. SIA “Nortrade” shall collect personal data of the Customer when the Customer:
8.1.1. is using the services of SIA “Nortrade” (in the office of SIA “Nortrade” or on remoted basis, subject to prior identification of the Customer);
8.1.2. subscribes for receipt of news, warnings or other services from SIA “Nortrade”;
8.1.3. applies to SIA “Nortrade” for more detailed information about the product used or service made available to the Customer, or contacts SIA “Nortrade” concerning a complaint or request of information, subject to identification of the Customer;
8.2. SIA “Nortrade” can process personal data of the Customer received from third parties, subject to the Customer’s consent (for example, from the keepers of debt history databases or similar)).
9. How long is the period for processing of the Customer’s personal data?
9.1. SIA “Nortrade” shall process personal data of the Customer as long as at least one of the following conditions is met:
9.1.1. a valid Agreement exists between the Customer and SIA “Nortrade”;
9.1.2. storage period of personal data is prescribed by or derived from regulatory acts of the Republic of Latvia or the European Union;
9.1.3. as long as necessary for the exercising and protection of legitimate interests of SIA “Nortrade”;
9.1.4. until the Customer revokes their consent to the processing of personal data.
10. Sharing of personal data of the Customer
10.1. In order to provide services to the Customer, SIA “Nortrade” may share personal data of the Customer with:
10.1.1. business partners engaged in the provision of services ordered or used by the Customer;
10.1.2. debt collection agencies, credit information bureaus, keepers of debt history databases or other debt recovery organizations;
10.1.3. assignees: SIA “Nortrade” has the right to assign the right of claim towards a debtor or debtors in order to ensure effective management of cash flows.
10.2. SIA “Nortrade” has the duty to provide information about personal data to law enforcement authorities, courts or other governmental or municipal authorities where such duty arises from regulatory acts or information enquiry made by the authority in question;
10.3. SIA “Nortrade” shall transfer personal data of the Customer only in the scope that is required and adequate according to the requirements of regulatory acts, taking into consideration the objective circumstances of the specific situation.
10.4. SIA “Nortrade” reserves the right to transfer personal data of the Customer to other service providers where such transfer is required to ensure better service and qualitative servicing of the Customer.
11. How does SIA “Nortrade” protect personal data of the Customer made available to them?
11.1. SIA “Nortrade” shall ensure, continuously review and improve the protective measures to protect personal data of the Customer from unauthorized access, unintentional loss, disclosure or destruction. To ensure this, SIA “Nortrade” applies modern technologies, technical and organizational requirements including the use of firewalls, break-in detection, analysis software and encrypting of data.
11.2. SIA “Nortrade” thoroughly checks all and any service providers processing personal data of the Customer on behalf and upon the instruction of SIA “Nortrade” and determines whether or not their business partners (processors of personal data) apply adequate security measures to ensure that processing of personal data of the Customer complies with the assignment delegated by SIA “Nortrade” and requirements of regulatory acts. A separate agreement shall be executed on the data processor concerning such assignment by SIA “Nortrade”, whereby the data processor undertakes to comply with the requirements of the applicable regulatory acts. Business partners have no authority to process personal data of the Customer for their own purposes.
11.3. SIA “Nortrade” assumes no liability for any unauthorized access to personal data and/or loss of personal data that does not depend on SIA “Nortrade”, for example, through the Customer’s fault and/or negligence.
11.4. If personal data of the Customer are jeopardized, SIA “Nortrade” shall notify the Customer thereof.
12. What are the rights of the Customer?
13.1. The right to apply to SIA “Nortrade” for obtaining copies of the personal data at disposal of SIA “Nortrade”.
13.2. The right to apply for correction their personal data at disposal of SIA “Nortrade” verbally by call to the indicated telephone or in writing by filling in the form in the office of SIA “Nortrade”, or by sending to the indicated e-mail address an electronic request signed with a secure electronic signature.
13.3. The Customer has the right to obtain information about the legal or natural entities who have received information from SIA “Nortrade” about the Customer during a specific period. SIA “Nortrade” shall provide no information to the Customer about the public authorities who are directing criminal proceedings, subjects of operative actions or other authorities if disclosure of data in respect of them is prohibited by the law.
13.4. The right to request deletion or restriction of the processing of personal data if their processing is no more required for the purposes for which the data have been collected and processed (the right “to be forgotten”).
13.5. The Customer has the right to transferability of their personal data upon change of the service provider.
13.6. The right to apply to SIA “Nortrade” or the authority supervising the processing of personal data (Data State Inspectorate, www.dvi.gov.lv) in the matters concerning the processing of personal data;
13.7. The right to apply to the personal data processing official of SIA “Nortrade” for information regarding the processing and protection of personal data of the Customer.
APPROVED by:
SIA “Nortrade”
Member of the Board
Edgars Rupeiks