Privacy Policy

SIA Landscape Construction PRIVACY POLICY

  1. Purpose and scope of the privacy policy.
    1. This Privacy Policy (the “Policy”) describes and provides information to identifiable natural persons (the “Data Subject”) on how SIA Landscape Construction (hereinafter referred to as the “Controller”) processes the personal data of a Data Subject where they have applied to become an employee of SIA Landscape Construction, wish to receive services or purchase goods, conclude a contract, attend events organised by the Controller and its business partners, have visited or intend to visit the Controller’s premises and the surrounding area, contact the Controller using the indicated telephone numbers or communication channels (e-mail, post), submit a complaint or suggestion, or visit social networks administered by the Controller.
    2. In this Policy, the Controller has described the measures to ensure that the interests and freedoms of the data subject are protected, while ensuring that their data is processed fairly, lawfully and in a manner that is transparent to the data subject.
    3. The Policy shall apply to the processing of data of natural persons regardless of the form and/or environment in which the natural person provides personal data (entering the territory and/or premises, by telephone, orally, etc.) and the source of the personal data, and regardless of the systems (video, etc.) of the Controller in which they are processed.
    4. If this Policy is updated, amendments to this Policy will take effect on the date specified in the notices of changes to this Policy. To ensure transparent and fair processing of data, the current version of the Policy will be posted on the Controller’s website www.landscapeconstruction.lv in the Privacy Policy section and will be available at the Controller’s office.
  2. Manager.
    1. SIA Landscape Construction (single reg. No. 40103485255, contact address: 4 Dēļu Street, Riga, LV-1004, e-mail address: info@landscapeconstruction.lv, website www.landscapeconstruction.lv).
  3. Applicable law.
    1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “the Regulation”).
    2. Law on the processing of personal data.
    3. Other applicable legislation on the processing and protection of natural persons’ data.
  4. Purposes of processing personal data.
    1. In the course of its business activities, the Controller has determined that it has several purposes for processing personal data, which we invite you to read separately:
      1. For the purpose of ensuring the selection and legitimate interests of the Manager’s personnel;
        What personal data does the Controller process?
        The categories of personal data processed by the Controller depend on the personal data provided by the Data Subject to the Controller. For example, any information contained in a CV submitted by a Data Subject, such as: name, surname, date of birth, residential address, work and study/training activities, language skills and their application, additional knowledge/skills, interests/hobbies, telephone number, e-mail address, photograph or other identifying information of the Data Subject, as well as information obtained from previous workplaces that have provided references about the Data Subject, if the Data Subject has expressly permitted contact with the relevant previous employers. In the event that the Data Subject is invited to a job interview, the information provided during the job interview, the completed tests and other test papers shall be deemed to constitute personal data of the Data Subject.
        What is the legal basis for processing personal data?
        The processing of data for the purpose of recruitment is carried out on the basis of Article 6(1)(a) and (f) of the Regulation, i.e.:
        a) The Controller shall be entitled to process personal data where the Data Subject has given his or her consent to the processing of his or her personal data for one or more specific purposes. The consent of the Data Subject is his or her free will and independent decision, given voluntarily, thereby authorising the Controller to process personal data for the purposes set out in this Policy. Consent is binding if it is given orally (for example, before submitting a CV) and this Policy informs the person that personal data will be processed; by submitting a CV the Data Subject consents to their personal data being used for the purposes set out in this Policy. The person has the right to withdraw his/her prior consent at any time using the contact details provided in this Policy. The withdrawal of consent shall not affect the lawfulness of the processing of data carried out at the time when the consent was valid. Withdrawal of consent may not interrupt the processing of data carried out on the basis of other legal grounds, such as the legitimate interests of the Controller and third parties;
        b) upon receipt of your CV and/or application, the Manager has a legitimate interest in processing your CV and/or application, assessing the information provided therein, organising an interview procedure, conducting interviews and providing evidence to support the lawful conduct of the relevant recruitment process. In the event of disputes, the information obtained during the recruitment process may be used to reflect the lawfulness of the recruitment process (for example, to investigate complaints received about the recruitment process and to provide evidence in the event of complaints and claims).
        What is the time period for processing personal data?
        The controller shall take into account the following circumstances when selecting the criteria for the storage of personal data:
        (a) whether the retention period of the personal data is established by, or results from, the laws and regulations of the Republic of Latvia and the European Union;
        (b) the period for which it is necessary to keep the personal data concerned in order to ensure the pursuit and protection of the legitimate interests of the Controller or of the third party;
        (c) until the consent given by the individual to the processing of personal data has been withdrawn and there is another legal basis for the processing, for example to comply with obligations to which the Controller is subject;
        (d) the Controller needs to protect the vital interests, including life and health, of the Data Subject or another natural person.
        All information obtained when the Data Subject applies for vacancies as a candidate and/or provides additional information, for example during interviews, will be stored in whole or in part in the Controller’s database for a maximum period of six months in order to safeguard the Controller’s legitimate interests. The Data Controller undertakes to delete the relevant information after the legitimate interest has been met, in accordance with the principle of data minimisation. In the event that the Controller receives complaints about a particular recruitment process, all information processed during the recruitment process will be retained until the complaint has been resolved and the final judgment has entered into force and has been implemented. After the retention period, the personal data will be permanently deleted.
        Who has access to the information and to whom is it disclosed?
        Recipients of personal data may be authorised employees of the Controller, Processors, law enforcement and supervisory authorities. The Controller is obliged to provide information on the personal data processed:
        (a) to law enforcement authorities, the court or other state and local government authorities, if this follows from the regulatory enactments and the respective authorities have the right to the requested information, if it has been specifically requested;
        (b) where the third party concerned is required to provide personal data within the framework of a contract concluded in order to perform a function necessary for the performance of the contract (for example, personnel interviews carried out by recruitment companies; for the pursuit of the legitimate interests of the Controller);
        (c) in accordance with a clear and unambiguous request from the Data Subject;
        d) for the protection of legitimate interests, for example, by legal proceedings or other proceedings before the courts or other public authorities against a person who has infringed the legitimate interests of the Controller.
      2. In order to ensure the accurate provision of services, the fulfilment of contractual obligations and the protection of the legitimate interests of the Controller;
        What personal data does the Controller process?
        The categories of personal data processed by the Controller depend on the use of the Controller’s services by natural persons. For example, when a data subject receives or expresses a wish to receive services provided by the Manager, purchase materials and goods from the Manager, in accordance with the requirements of regulatory enactments and the legitimate interest of the Manager, the Manager is obliged and entitled to process the data subject’s identifying information and information confirming the identity of the person. For example, if you return a product or make a complaint about its quality, the Controller is obliged to process your complaint, which requires the Controller to identify the complainant or the person to whom the response needs to be made. In this case, in order to achieve the purpose of providing the services, the Manager may process a volume of personal data, which includes name, surname, personal identification number, contact details, information about the services received and to be received and the range of goods, etc. The relevant information is recorded in the documentation and stored in the data processing system of the Controller. When the data subject receives services or purchases goods, the personal data is processed in accordance with the contract concluded between the Parties.
        What is the legal basis for processing personal data?
        The processing of data for the purpose of providing services or selling goods is carried out on the basis of Article 6(1)(b), (c) and (f) of the Regulation, i.e. the processing is necessary for the performance of a contract to which the data subject is a party or for taking measures at the request of the data subject prior to entering into the contract; the processing is necessary for compliance with a legal obligation to which the Controller is subject. Also, in certain cases, to safeguard the legitimate interests of the Controller and third parties (e.g. to investigate complaints received about the quality of the service, the product sold, to carry out follow-up checks to improve the provision of services, as well as to provide evidence in the event of complaints and claims).
        What is the time period for processing personal data?
        The controller shall take into account the following circumstances when selecting the criteria for the storage of personal data:
        (a) whether the retention period of the personal data is established by or results from the laws and regulations of the Republic of Latvia and the European Union;
        (b) the period for which the personal data concerned need to be kept in order to ensure the pursuit and protection of the legitimate interests of the Controller or of the third party;
        (c) until the consent given by the individual to the processing of personal data has been withdrawn and there is another legal basis for the processing, for example to comply with obligations to which the Controller is subject;
        (d) the Controller needs to protect the vital interests, including life and health, of the Data Subject or another natural person.
        When providing services or selling goods, the Controller complies with special laws and regulations that determine its obligation to retain certain data, e.g. the Law on Accounting requires the Controller to keep information on transactions for five years; in compliance with the above, the Controller is guided by the time limits set out in the laws and regulations. On the other hand, when providing services or selling goods for which a warranty period is established, information on aspects of the provision of services will be retained for at least 2 years, subject to the limitation period applicable to the legal relationship in question. If you would like to know more detailed information, please contact the Manager using the contact details above. After the retention period, the personal data will be permanently deleted.
        Who has access to the information and to whom is it disclosed?
        Recipients of personal data may be authorised employees of the Controller, Processors, law enforcement and supervisory authorities. The Controller is obliged to provide information about the personal data processed:
        (a) law enforcement authorities, the courts or other national or local authorities, where this is required by law or regulation and the authorities concerned have a right to the information requested if it has been specifically requested;
        b) where personal data must be provided to the third party concerned within the framework of a concluded contract in order to perform a function necessary for the performance of the contract (for example, in the case of a guarantee, insurance contract; for the pursuit of the legitimate interests of the Controller) or where it is necessary to improve the service and the quality of service to the customer by engaging service providers;
        (c) in accordance with a clear and unambiguous request from the Data Subject;
        d) for the protection of legitimate interests, for example, by legal proceedings or proceedings before courts or other public authorities against a person who has infringed the legitimate interests of the Controller.
      3. Media and social media coverage of events organised by the Manager and its cooperation partners to promote and raise brand awareness;
        What personal data does the Controller process?
        At events and venues organised by the Manager and its cooperation partners, where the event is photographed and video-recorded, photographs and video images of participants and visitors may be processed, stored in the Manager’s archives, placed on the website, social networks administered by the Manager and other information materials of the Manager.
        What is the legal basis for processing personal data?
        For the purpose of publicising the events organised by the Controller in the mass media and on social networks in order to ensure the visibility of the Controller, the processing of personal data is carried out on the basis of Article 6(1)(f) of the Regulation, i.e. the Controller has a legitimate interest in publicising the events it organises or participates in in the mass media and on social networks, thereby ensuring the visibility of its brands. The Controller shall always apply the highest ethical standards when choosing what information to publish, thereby seeking to ensure that publications do not infringe the rights and freedoms of data subjects. At the same time, the Controller is aware that it may not be aware of all the facts and circumstances and, therefore, in order to ensure fair processing, does not prevent any data subject from contacting the Controller at any time using the contact details provided in order to object to processing. At the same time, the Data Controller explains that if you participate in various public events, such as interviews, deliberate photography and filming, it will presumably assume that you have no objection to the publication of the relevant information.
        What is the time period for processing personal data?
        The controller intends to store the information independently. Also, the Data Controller, in order to comply with the principle of fair data processing, explains that, given that the purpose of the data processing is to publish information about the events of the Data Controller, the material obtained will be publicly available and any third party will be able to access it.
        Who has access to the information and to whom is it disclosed?
        Recipients of personal data may be authorised employees of the Controller, processors, law enforcement and supervisory authorities. Personal data may also be provided to the third party concerned where this is required within the framework of a concluded contract in order to perform a function necessary for the performance of the contract (for example, in the case of an insurance contract; for the exercise of the legitimate interests of the Controller; to a service provider for video editing work) or where it is necessary to improve the service and the quality of service to event attendees. The Manager informs that the Processors it has selected (google.com (Google Analytics), facebook.com, etc.) are recognised as companies operating outside the European Union and the Member States of the European Economic Area, so the Manager invites you to consult the privacy policies of these companies or contact the Manager separately to request additional information on the terms of cooperation.
      4. Preventing or detecting offences related to the protection of property, ensuring the protection of the legitimate interests of the controller and third parties in the event of infringements and protecting the vital interests of individuals, including life and health;
        What personal data does the Controller process?
        When a data subject enters/leaves the premises of the Controller or its territory where video surveillance is carried out, a video image of him/her and the time when he/she visited the premises and/or territory may be processed. Video surveillance shall not be carried out in areas where data subjects have a high expectation of privacy, rest areas, changing rooms, etc. The recording areas of the CCTV cameras are concentrated on corridors, entrance/exit, cars, their flow in the territory of the Manager.
        What is the legal basis for processing personal data?
        Video surveillance is carried out for the purpose of preventing or detecting criminal offences related to the protection of persons and property, the protection of the legitimate interests of the Controller or a third party and the protection of vital interests of persons, including life and health. Video surveillance is carried out on the basis of Article 6(1)(d) and (f) of the Regulation, i.e. the processing of personal data is necessary for the protection of the vital interests of the data subject or of another natural person (e.g. video surveillance where the processing of personal data is necessary for the protection of life and health of a person relating to the prevention and/or detection of criminal offences); for the protection of the legitimate interests of the Controller and third parties (e.g. prevention or detection of criminal offences relating to the protection of property, to provide evidence in disputes).
        What is the time period for processing personal data?
        Video surveillance recordings for the purpose of preventing or detecting criminal offences relating to the protection of persons and property, the protection of the legitimate interests of the Manager or a third party and the protection of the vital interests of persons, including life and health, will be kept for a period not exceeding 30 days, unless the video recording in question reflects potentially unlawful conduct or conduct that is likely to assist the Manager or third parties in securing their legitimate interests. In this case, the relevant video recording may be retrieved and retained until the legal interest has been enforced.
        Who has access to the information and to whom is it disclosed?
        Recipients of personal data may be authorised employees of the Controller, Processors, law enforcement and supervisory authorities.
      5. The storage and recording of incoming and outgoing communications (emails, postal mail, in some cases requests received on social networking profiles administered by the Manager) to ensure the fulfilment of the obligations attributable to the Manager and to ensure the legitimate interests of the Manager.
        What personal data does the Controller process?
        When you use the various possibilities to contact the Manager in writing, the information related to the specific letter, request, application will be stored. Despite the fact that the Manager encourages you to use official means of communication, there may be situations where you have chosen to contact the Manager via social networking platforms. In these cases, you should be aware that the Manager may have additional information reflected on the relevant social network.
        What is the legal basis for processing personal data?
        The retention of information about the fact and content of the communication is based on Article 6(1)(c) and (f) of the Regulation, i.e. where you have made a claim or request which gives rise to an obligation on the part of the Controller to deal with your request, the lawful basis for processing is that lawful obligation, whereas for the purposes of the legitimate interests of the Controller and third parties (for example, to investigate complaints about the quality of customer service and to provide evidence against potential claims), the lawful basis for processing is the legitimate interests of the Controller.
        What is the time period for processing personal data?
        For the purpose of achieving the purpose, the Controller will keep the relevant information for a period not exceeding two years, unless it is necessary to use the relevant information to safeguard the Controller’s legitimate interests for a longer period (e.g. preservation of evidence in the event of a dispute). In this case, the relevant documents, records will be retained until such time as the legitimate interest is satisfied.
        Who has access to the information and to whom is it disclosed?
        Recipients of personal data may be authorised employees of the Controller, Processors, law enforcement and supervisory authorities, court.
  5. How will the data subject be informed about the processing of his/her personal data?
    The data subject shall be informed of the processing of personal data specified in this Policy using a multi-level approach, which includes the following methods:
    a) notices shall be displayed at the video surveillance sites, alerting Data Subjects (pedestrians, drivers, visitors, employees, etc.) that video surveillance is taking place on the territory of the Controller, providing basic information related to the video surveillance, as well as informing about the possibilities to obtain more detailed information;
    b) by visiting the website, the Data Subject may consult the notice on which cookies are used and is invited to read this Policy;
    c) this Manager’s Policy is publicly available on the Internet on the Manager’s website and at the Manager’s office from the office administrator.
    d) at public events where photographs and videos may be taken to promote the brands represented by the Manager, the information specified in this Policy will be displayed in the data processing locations.
  6. Data subject rights.
    1. The data subject shall have the right to request from the Controller access to his/her personal data and to obtain clarifying information on what personal data the Controller holds about him/her, for what purposes the Controller processes such personal data, categories of recipients of personal data (persons to whom personal data have been disclosed or to whom they are intended to be disclosed, unless the laws and regulations in a particular case allow the Controller to provide such information (e.g., the Controller cannot provide the Data Subject with information about relevant public authorities who are the instigators of criminal proceedings, the subjects of operational activities or other authorities about which the laws and regulations prohibit such disclosure)), information about the period for which the personal data will be stored or the criteria used to determine that period.
    2. If the Data Subject considers that the information held by the Data Controller is outdated, inaccurate or incorrect, the Data Subject shall have the right to have his or her personal data rectified.
    3. The data subject has the right to have his or her personal data erased or to object to processing if he or she considers that the personal data have been unlawfully processed or are no longer necessary for the purposes for which they were collected and/or processed (implementing the right to be forgotten principle).
    4. The Controller informs that the Data Subject’s personal data cannot be erased if the processing of personal data is necessary:
      (a) to protect the vital interests, including life and health, of the Data Subject or another natural person;
      (b) to protect the property of the Manager;
      (c) for the establishment, exercise or defence of legitimate (legal) interests by the Controller or a third party;
      d) for archiving purposes in accordance with the laws and regulations in force in Latvia governing the establishment of archives.
    5. The Data Subject shall have the right to require the Controller to restrict the processing of the Data Subject’s personal data in one of the following circumstances:
      a) the data subject contests the accuracy of the personal data – for a period during which the Controller may verify the accuracy of the personal data;
      (b) the processing is unlawful and the Data Subject objects to the erasure of the personal data and requests instead that the use of the data be restricted;
      (c) the Controller no longer needs the personal data for processing, but the Data Subject needs the personal data for the establishment, exercise or defence of legal claims;
      (d) the data subject has objected to the processing, pending verification that the controller’s legitimate grounds do not override those of the data subject.
    6. Where the processing of personal data of a Data Subject is restricted in accordance with paragraph 5, such personal data shall, with the exception of storage, be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest.
    7. The Controller shall inform the Data Subject prior to lifting the restriction on the processing of the Data Subject’s personal data.
    8. The data subject has the right to lodge a complaint with the Data Inspectorate if he/she considers that his/her personal data have been unlawfully processed by the Controller. At the same time, the Controller invites the data subject first to contact the Controller by e-mail: info@landscapeconstruction.lv in order to find a solution promptly if your right to the protection of personal data has been violated.
    9. The data subject may submit a request for the exercise of his or her rights in the following way:
      a) in writing in person at the premises of the Controller, on presentation of an identity document (e.g. passport or ID card, etc.), as the Data Subject is obliged to identify himself/herself;
      (b) by electronic mail, signed with a secure electronic signature. In this case, the data subject shall be presumed to have identified himself or herself by submitting a request signed with a secure electronic signature. At the same time, the Controller reserves the right, in case of doubt, to request additional information from the data subject if it deems it necessary. Electronic submissions shall be sent to the following e-mail address: info@landscapeconstruction.lv;
      (c) by post. The reply will be prepared and sent by registered letter, thus ensuring that unauthorised persons cannot receive it. At the same time, the Controller reserves the right, in case of doubt, to request additional information from the data subject if it deems it necessary.
    10. The data subject shall be obliged to specify as far as possible in his or her request the date, time, place and other circumstances which would help to comply with his or her request.
    11. Upon receipt of a written request from the Data Subject to exercise its rights, the Controller shall:
      (a) verify the identity of the person;
      (b) evaluate the request:
        if the request can be fulfilled, such as a request to view video footage, the Data Subject, as the requestor, may receive a copy of the video footage or other data;
        if additional information is required to identify the Data Subject requesting the information, the Data Subject will be asked to provide additional information in order to be able to correctly select the information (e.g. time of visits to premises, use of services, goods purchased) where the Data Subject is identifiable;
        if the information has been deleted or the person requesting the information is not the Data Subject or the person is not identifiable, the request may be rejected in accordance with this Policy and/or laws and regulations;
        if the Manager has received a request but you have not left your contact details so that the Manager can contact you during the processing of the request and inform you of the outcome of the processing of the request, the Manager undertakes to prepare a written response within one month, which will be available at the Manager’s office. The relevant response letter will be kept at the office of the Manager for a maximum period of two months from the date of the request.
  7. How is personal data protected?
    1. The controller shall ensure, keep under constant review and improve the personal data protection measures to protect the personal data of natural persons against unauthorised access, accidental loss, disclosure or destruction. To ensure this, the Controller shall use appropriate technical and organisational requirements, including the use of firewalls.
    2. The Controller shall carefully examine all service providers that process personal data of natural persons on behalf of the Controller, as well as assess whether the cooperation partners (personal data processors) apply appropriate security measures to ensure that the processing of personal data of natural persons is carried out in accordance with the Controller’s delegation and the requirements of regulatory enactments.
    3. In the event of a personal data security incident, if it poses a potentially high risk to the rights and freedoms of the data subject, the Controller will notify the Data Subject concerned, if possible, or the information will be made public on the Controller’s website or in any other possible way, such as through the media (TV, radio, newspaper, social networks, etc.).