Privacy policy
1. Purpose
1.1. The purpose of the Privacy Policy is to provide individuals—data subjects—with information about the purposes and legal basis for the processing of personal data by SIA “VIC TEC”, the scope and categories of personal data processed, storage periods, personal data protection measures, and the rights of data subjects.
1.2. The Privacy Policy applies to the processing of personal data of individuals, regardless of the form, manner, and/or environment in which the personal data is processed.
2. Terms and Abbreviations
2.1. Processing – any operation performed on personal data.
2.2. Data Subject – an identified or identifiable natural person.
2.3. User – a visitor to the Website.
2.4. Controller – the personal data controller that processes personal data, independently determining the purposes and means, is SIA “VIC TEC”, unified registration No. 40203526901, legal address: Vesetas iela 7, Riga, LV-1013, Latvia, phone: +371 22402 659, email: office@victec.lv.
2.5. Personal Data – any information relating to an identified or identifiable natural person.
2.6. Cookie – a text file stored on the device used to browse the website.
2.7. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
2.8. Website – SIA “VIC TEC” websites www.victec.lv, www.victec.eu.
3. Principles of Personal Data Processing
3.1. Lawfulness, Fairness, and Transparency:
3.1.1. Processing has a legal basis.
3.1.2. Before processing begins, the Controller evaluates the proportionality of its interests against the interests of the Data Subject.
3.1.3. Data Subjects are informed about the processing in clear and simple language.
3.2. Purpose Limitation:
3.2.1. Personal data is collected and processed only for specified purposes.
3.3. Data Minimization:
3.3.1. The scope of collected and processed personal data does not exceed what is necessary for the specified purposes.
3.4. Accuracy:
3.4.1. Only accurate and up-to-date personal data is processed; outdated or incorrect personal data is promptly updated, corrected, or deleted.
3.5. Storage Limitation:
3.5.1. Personal data is stored only as long as necessary for the specified purposes or to comply with applicable legal requirements.
3.6. Integrity and Confidentiality:
3.6.1. Personal data is protected by restricting access to persons without a legal basis for processing and by implementing measures to prevent loss or disclosure of personal data.
4. Purposes of Personal Data Processing
4.1. The purposes of processing depend on the nature and essence of the relationship between the Controller and the Data Subject:
4.1.1. Data Subjects who are Business Partners or Related Persons:
4.1.1.1. Conducting economic and business activities.
4.1.1.2. Establishing and maintaining business relationships.
4.1.1.3. Concluding contracts and related activities.
4.1.1.4. Identifying the business partner and/or their representative.
4.1.1.5. Communication.
4.1.1.6. Handling and processing applications, complaints, requests, and other submissions.
4.1.1.7. Conducting commercial activities.
4.1.1.8. Debt collection.
4.1.1.9. Protecting legitimate interests.
4.1.1.10. Fulfilling contractual obligations.
4.1.1.11. Complying with applicable legal requirements.
4.1.2. Data Subjects who are Job Applicants or Employees:
4.1.2.1. Implementing obligations and rights in the areas of employment, social security, and social protection.
4.1.2.2. Evaluating a job applicant’s suitability for employment criteria.
4.1.2.3. Communication.
4.1.2.4. Establishing employment relationships.
4.1.2.5. Registering employees in state administration systems and submitting required information in accordance with applicable legal requirements.
4.1.2.6. Paying salaries.
4.1.2.7. Auditing employee activities in information systems, including records of access, data entry, modification, deletion, and creation.
4.1.2.8. Organizing training.
4.1.2.9. Fulfilling other obligations and duties arising from employment relationships and applicable legal requirements.
5. Categories of Personal Data
5.1. The categories of personal data depend on the nature of the relationship between the Data Subject and the Controller and the purposes of personal data processing:
5.1.1. Identification Data – name, surname, personal identity number, or date of birth.
5.1.2. Contact Information – phone number, email address, residential address, correspondence address.
5.1.3. Financial Information – bank account number.
5.1.4. Personal data processed based on applicable legal requirements, including compliance with the Law on International and National Sanctions of the Republic of Latvia.
6. Legal Basis for Personal Data Processing
6.1. The legal bases for processing by the Controller are as follows:
6.1.1. Consent of the Data Subject for processing.
6.1.2. The Controller’s legitimate interests – conducting commercial activities, identifying and researching business partners, business management, accounting, record-keeping, archiving, ensuring internal processes, handling complaints, providing support related to established business relationships, managing cash flow effectively, administering debts and payments, ensuring the protection of legal interests, and fulfilling contractual obligations.
6.1.3. Legal basis – compliance with applicable legal requirements.
7. Categories of Recipients of Personal Data
7.1. Access to personal data is granted to the Controller’s employees who need the personal data to perform their direct job duties.
7.2. Personal data may be transferred to another Controller or Processor only to the extent and in the manner necessary for the purposes specified in the Privacy Policy, and to the extent that the Controller is entitled or obliged to do so under the law or a concluded contract.
7.3. Categories of recipients of personal data:
7.3.1. The Controller’s employees.
7.3.2. Service providers who, under a contract, strictly follow the Controller’s instructions and are controlled by the Controller.
7.3.3. State and municipal institutions, only to comply with legal and regulatory requirements.
7.3.4. Third parties within the framework of fulfilling contractual obligations.
8. Cross-Border Transfer of Personal Data
8.1. The transfer of personal data outside the European Economic Area may be carried out, ensuring special protection of personal data as required by GDPR.
8.2. When transferring personal data outside the European Economic Area, it is ensured that:
8.2.1. The transfer has an appropriate legal basis.
8.2.2. All necessary security measures are implemented.
8.2.3. Only the personal data necessary to achieve the specified purposes are transferred, and only to the extent required.
9. Data Storage Period
9.1. Personal data is stored as long as there is a basis or legal obligation to store it, and as long as storage is necessary to achieve the relevant processing purposes.
9.2. Once the basis for storage ceases, personal data is destroyed.
10. Data Subject Rights and Their Exercise
10.1. The Data Subject has the following rights:
10.1.1. The right to access their personal data and receive copies thereof.
10.1.2. The right to rectify inaccurate personal data.
10.1.3. The right to request the deletion of their personal data and “to be forgotten.”
10.1.4. The right to restrict the processing of their personal data.
10.1.5. The right to receive information about the correction, deletion, or disclosure/transfer of their personal data.
10.1.6. The right to “retrieve” their personal data if processing is based on the Data Subject’s consent, and to request the transfer of their personal data to another organization.
10.1.7. The right to object to the processing of their personal data in cases where the right to data protection outweighs the Controller’s legitimate interests.
10.1.8. The right to withdraw consent for the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to withdrawal.
10.1.9. The right to lodge a complaint with the supervisory authority (Data State Inspectorate, https://www.dvi.gov.lv/en). Documents can be submitted to the Data State Inspectorate by mail, email (with a secure electronic signature), or left in the mailbox on the 1st floor at Elijas iela 17, Riga, LV-1050. The Data State Inspectorate accepts email submissions sent to pasts@dvi.gov.lv.
10.2. The Data Subject may exercise control over their personal data by submitting a relevant request to the Controller, either electronically to office@victec.lv or in writing to the Controller’s legal address.
10.3. Upon receiving the Data Subject’s request, the Controller verifies the Data Subject’s identity. Requests submitted electronically must be signed with an electronic signature. For written or oral requests, the Data Subject must be able to prove their identity.
10.4. If a request is submitted on behalf of the Data Subject, the submitter must provide proof of their representation rights to the Controller.
10.5. The Controller responds to Data Subject requests no later than one month from the date of receipt. In cases where processing and responding to the request takes longer, the Controller informs the Data Subject of the delay and its reasons within one month of receiving the request.
10.5. (continued) In any case, the period for processing and responding to a request may not exceed three months.
10.6. Processing of a Data Subject’s request is free of charge, except in cases where the request is clearly unfounded, excessive, or regularly repeated. In such cases, the Controller may request compensation for administrative costs associated with providing the response or refuse to fulfill the request.
11. Cookie Processing
11.1. Cookies are collected on the Website to assess its usefulness, make improvements, and enhance usability. Cookies are used to obtain information about the type of content important to Users, what they prefer to read, how often Users visit the Website, which devices and browsers are used, and from which region Users come. Cookies allow the Controller to monitor Website traffic and User interactions with the Website.
11.2. The legal basis for using cookies is the Controller’s legitimate interest in ensuring the functionality, accessibility, and integrity of the Website.
11.3. The categories of cookies used depend on their purpose:
11.3.1. Technical (Mandatory) Cookies, which ensure the proper functioning of the Website. Technical cookies are used for technical purposes: to ensure proper functionality and security of the Website and to investigate potential security incidents. The basis for collecting technical cookies is the Controller’s legitimate interest in ensuring the technical availability and integrity of the Website. These cookies are used without User consent, as the Website cannot function without them.
11.3.2. Functional Cookies, which remember User settings to avoid re-entering the same information on each visit.
11.3.3. Statistical Cookies, to collect information about Users and Website visits.
11.4. Additional information about cookies, as well as their deletion and management, can be found at www.aboutcookies.org.
11.5. Users can control and/or delete cookies at their discretion, except for Technical (Mandatory) Cookies. More information about this process is available at www.aboutcookies.org.
11.6. Users can delete all cookies stored on their device, and most browsers can be set to block cookie placement. Users can opt out of cookies via the browser menu or at https://tools.google.com/dlpage/gaoptout. To make the necessary settings, Users should review their browser’s rules. If cookies are blocked, Users may need to manually adjust settings each time they visit the Website, and some services and functions may not work.
11.7. Only Controller employees responsible for analyzing such data may access cookies.
11.8. Cookies are stored until the action for which they were collected is completed, after which they are deleted.
11.9. The Website provides a form for questions, and when used, the Website stores the IP address and data provided by the User. Cookies containing this data are stored for one year to avoid re-entering the same information on subsequent visits.
12. Validity of the Privacy Policy
12.1. The Controller is committed to regularly improving and updating the Privacy Policy.
12.2. For questions related to the Privacy Policy or data processing, as well as in other cases, please contact the Controller at office@victec.lv.