SIA “KORO BŪVE” PRIVACY POLICY
This policy has been developed in accordance with the European Union General Data Protection Regulation (GDPR), and the relevant national legislative enactments. SIA “KORO BŪVE” (hereinafter also referred to as “we”, “our” or “us”), upon performance of personal data protection, shall protect the privacy of personal data. This Privacy Policy provides general description of the performed data processing, its purposes and how safety is ensured. Additional information on personal data processing may be included in the employment contracts of our employees, contracts with clients and partners, and other documents, related to the activity of SIA “KORO BŪVE”, including our Data storage policy.
Definitions:
Controller: Personal data controller is SIA “KORO BŪVE”, to which the natural person submitted its personal data, based on contractual relations or pre-contractual relations, or the services of which the person (or its legal entity or entity, in which the natural person is the true beneficiary) intends to use.
Person (data subjects of SIA “KORO BŪVE”): Client, Partner, Employee of SIA “KORO BŪVE” and other natural persons, whose data are processed by SIA “KORO BŪVE”, upon performance of Services.
Employee: Natural person, who performs the job responsibilities in the interests of SIA “KORO BŪVE” on the grounds of employment contract.
Client: Natural person or legal entity on behalf of its representative, who is using or has expressed the intention to use the Service of SIA “KORO BŪVE”.
Partner Natural person or legal entity (supplier, subcontractor, service performer) t on behalf of its representative, the service of which is used by SIA “KORO BŪVE”.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
SIA “KORO BŪVE”: Limited liability company “KORO BŪVE”, reg. No 44103022322.
Personal data: any information directly or indirectly relating to an identified or identifiable natural person, employee of SIA “KORO BŪVE” or other natural person, whose data shall be processed in accordance with this Privacy policy and applicable legal enactments (for example, client or partner, who is the true beneficiary or representative of a legal entity).
Processing: any operation performed on Personal data (such as collection, use, entering, storage, editing, disclosure, requesting, transfer, deletion, etc.)
SIA “KORO BŪVE” Service: Any service provided by SIA “KORO BŪVE”, which regulates the entrepreneurship activity (activity) of SIA “KORO BŪVE”.
General information
This Privacy policy shall be applied in cases when SIA “KORO BŪVE” performs processing of personal data:
The Person used, has used or has expressed the intention or interest to use the services of SIA “KORO BŪVE”. This also applies to cases when the Person is indirectly related to any Service (for example, as provider of security, insured person under insurance contract or representative of a private client). The same also applies to cases when the relations have been established before this Privacy policy has come into effect, and also, if the Person provided and/or SIA “KORO BŪVE” acquires Personal data.
SIA “KORO BŪVE” shall process the data if at least one of the following conditions is met:
1. It has lawful grounds: for concluding and performance of employment contract, recording of working time, calculation of salary and ensuring payment of salary, meeting of accountancy requirements, performance of obligations stipulated of the legislation (reporting to the State Revenue Service, the State Social Insurance Agency, for establishing the affiliation of the employee to labour union in case of terminating the employment contract), ensuring “Benefit basket” (mandatory health checks and organizing insurance), recording and control of performance of job responsibilities, Client identification and establishment and performance of contractual relations, performance of obligations, specified in the legislative enactments;
2. It is within legitimate interests of SIA “KORO BŪVE”: for personnel recruitment and employment, protection of property and ensuring safety at the office/construction sites of SIA “KORO BŪVE”, Client assessment and provision of Services, for risk management related to the activity of SIA “KORO BŪVE”, performance of debt recovery actions, performance of management and administrative activities, implementing of authorizations;
3. The person has given its consent: “…. “‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her” GDPR Article 4, Clause 11.
SIA “KORO BŪVE” principal activity is related to performance of construction works (performance of other non-classified specialized construction works (NACE: 43.99)) For Clients: both legal entities and natural persons. We process the Personal data of the Client to ensure Services of SIA “KORO BŪVE”. Accurate set of Personal data to be processed shall apply to:
- (client is a natural person) name, surname, personal code, declared residence, bank account, financial and insurance sources for provision of transaction, financial flow for the performed transactions, name/surname of the representative of the client, phone number and e-mail of the client and the representative of the client;
- (client is a legal entity) name, surname, positions, phone number and e-mail of the representatives and/or employee/-es of the client;
- Personal data of the representatives of the Partner. The collected and processed Personal data shall include the following information: name, surname, personal code; contact information, for example, the phone number, e-mail address, professional certificates;
- Personal data of own employees. The collected and processed Personal data shall include the following information: identification (ID card) and passport data, name, surname, personal code, contact information, declared residence address, phone number, bank account, photo, e-mail address, CV (including, but not limited to the data on the previous employer and the work experience, specified therein), profession, education, professional certificates;
- Client data on participation in companies and other legal entities; Client data on managers and other persons with decisive influence, or representatives of the company, who are using or plan to use the Services of SIA “KORO BŪVE”, as well as their true beneficiaries.
Special categories of Personal data (GDPR Article 9, Clause 1 -*processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation).
We shall process only the following data of special categories of the aforementioned data category:
- information on affiliation of an employee to a labour union and mandatory health check.
These data may be processed on the grounds of clause 2(b) and 2(h) of Article 9 of the GDPR, which permit processing of Special category data if it is necessary to implement measures and rights in the field of employment and the assessment of working capacity of the Employee to the extent permitted by the legal enactments. For example: Pursuant to Section 10 and 11 of the Labour Law the employer shall be obligated to establish whether the employee is a member of a labour union, while un regard to the health data Paragraph 4 of Section 33 of the Labour Law stipulates the rights of the employer to acquire information on the health state of the employee only to the extent that has significant meaning for conclusion of employment contract and performance of the specified work, and, pursuant to Paragraph 2 of Section 36 of the Labour Law, if the employee shall be sent to health check, the doctor shall only specify whether the employee is fit to perform the intended work.
Other special category data shall not be processed by SIA “KORO BŪVE”.
Basically SIA “KORO BŪVE” shall acquire Personal data directly from the person, to whom these data refer. For example, if a Client or Partner signs a contract with SIA “KORO BŪVE” or if the person signs an employment contract with SIA “KORO BŪVE”.
We need the Personal data to be able to provide and receive Services. However, Service transactions with Customers, due to their extent (scope) will require additional information, which SIA “KORO BŪVE” shall collect from other public sources. For example, data on the participation in companies and other legal entities, data on managers and other persons with decisive influence, or representatives of companies, who are using or plan to use Services of SIA “KORO BŪVE”, as well as their true beneficiaries.
We shall request and collect most of the data from the Client or the Partner, but some data we will acquire from other sources. We shall acquire information on obligations of the Person from public registers and other similar public sources.
Interest protection of the Services is related to various risks and our duty is to manage these risks to ensure sustainability of our business and protection of public interests. This means that we shall supervise the implementation of the service projects and warranty period of the already completed projects, and we also learn from our previous experience to improve the procedures of assessment and implementation of new projects.
We shall analyse data that are already at our disposal. Besides, we may acquire updated information from registers and other similar public sources.
To enable SIA “KORO BŪVE” to provided Services, we also have to meet many conditions. Our duty is to provide reports to state authorities, for example, the State Revenue Service, the social insurance institutions. The data included in our report will depend on the requirements of the laws and regulations to be performed.
Sharing of Personal data and protection thereof.
Personal data may be accessed only by persons, who are allowed such access, and the third party, invited by SIA “KORO BŪVE” and other persons, who are granted or permitted such access by laws and regulations, may access Personal data. If processing of Personal data is performed by third parties under the assignment of SIA “KORO BŪVE”, SIA “KORO BŪVE” shall involve only such third parties, who will provide sufficient guarantees for implementation of technical and organizational measures to ensure that Processing meets the requirements of the GDPR and applicable laws and regulations and to ensure protection of the rights of the Client or Partner. Processing activities, undertaken by processers (third parties) shall be always regulated by Privacy and Data processing contract or other special conditions, agreed upon by SIA “KORO BŪVE” and such processer.
We may disclose Personal data: to cooperation partners of SIA “KORO BŪVE”, with whom together SIA “KORO BŪVE” performs the Service (under implementation of each individual service project); to state authorities and other entities, which perform the functions, imposed upon them by the law; to authorised auditors, legal and financial advisors; to Personal data processers, hired by SIA “KORO BŪVE”, who provide support in ensuring Services of SIA “KORO BŪVE”; to credit institutions and financial institutions, to providers of insurance services; to controllers of public registers; to debt recovery companies, to credit rating inquiry (credit information) offices and other third parties, to which SIA “KORO BŪVE” may transfer its rights and obligations.
Data transfer outside EU/EEZ. The data may be transferred outside EU/EEZ only if SIA “KORO BŪVE” ensures appropriate protection measures as required by the GDPR, and such transfer has legal grounds.
To protect Personal data from unauthorized access, unlawful Processing or disclosure, transformations or destruction, we shall undertake appropriate measures to ensure the requirements of the applicable laws and regulations. Such measures include technical measures, for example, selection and configuration of corresponding computer systems, ensuring relevant connection security, protection of data and files, as well as organizational measures, for example, restricting access to such systems, files and objects.
Rights in regard to the processing of Personal data
SIA “KORO BŪVE” wishes to ensure honest and transparent processing of Personal data and that all personal rights, resulting from the applicable laws and regulations, would always be implementable. The data subject shall have the following rights, in particular:
· to access own Personal data, which are processed by SIA “KORO BŪVE”. Upon request of the Data subject SIA “KORO BŪVE” shall:
- confirm whether Personal data related to the Data subject are being processed and shall provide information on the purposes of Processing, Personal data categories and recipients or categories of recipients of Personal data, to which the Personal data have been disclosed;
- inform the Person of the Personal data under processing and the available information on their sources;
- provide information on the automated processing logic of Personal data in case of automated decisions.
· the rights to request making corrections to inaccurate Personal data;
· if the processing of Personal data is based on consent, the Data subject shall be entitled to revoke such consent at any time, without prejudice to the lawfulness of Processing, performed on the grounds of the consent, before revocation of the consent;
· the rights to receive Processed Personal data in a structured, widely used and machine-readable format, and under certain circumstances to transfer the Personal data to another Controller;
· under certain circumstances the Data subject shall be entitled to request deleting of Personal data or restricting Processing thereof;
· the rights to object to Personal data processing for certain purposes and under certain circumstances;
· the Data subject also shall be entitled to submit a complaint to the supervision authority in Latvia – the Data State Inspectorate.
Period of storage of Personal data
The Personal data shall be stored in accordance with the applicable laws and regulations and not longer than necessary. The period of storage of Personal data shall be determined in the Data storage policy of SIA “KORO BŪVE”.
Final provisions. Legal acknowledgement and validity
This Privacy policy shall not constitute a legally binding contract between SIA “KORO BŪVE” and the Client or between SIA “KORO BŪVE” and its employee for establishment of employment relations; these are our guidelines for protection of Personal data. Since we constantly improve and develop our Services, we may from time to time make amendments to our Privacy policy. Such amendments shall not reduce the rights of the Person.