Privacy policy

We recognize the importance of personal data, therefore we have developed this Privacy Policy to protect the processing of your personal data and to inform you of your rights and obligations in relation to the processing of your personal data.

This privacy policy is applicable to the following persons (hereinafter – the Data Subject or you):

our cooperation partners, their authorized persons, including potential, former, current;
visitors to the territory of our company, regardless of the reason for visiting the territory;
visitors of our website.

The purpose of the Privacy Policy is to provide the Data Subject with information on the purpose, legal basis, scope and processing term for the processing of personal data in a manner appropriate to the Data Subject.

Our Privacy Policy is developed in compliance Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Regulation), the Personal Data Processing Act and other applicable laws in the field of data processing.

The Privacy Policy applies to the processing of personal data regardless of the form and / or environment in which personal data is provided (entering the territory and / or premises, by telephone, orally, etc.) and of the source of personal data, regardless of the Controllers systems (video, audio, web, etc.) where they are processed.

We are constantly evolving and improving, therefore we may change and supplement this Privacy Policy over time.

The Controller maintains previous versions of the Privacy Policy and these can be made available by request.

1 INFORMATION ABOUT THE CONTROLLER

The controller of the processing of personal data specified in this Privacy Policy is the Limited Liability Company “KUREKSS” (elsewhere in the text – the Controller or we), unified registration No. 40003250931, legal address: “Graudupi”, Targales Parish, Ventspils District.

2. CONTACT INFORMATION ON ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA

Correspondence address: “Graudupi”, Targale Parish, Ventspils District.

E-mail: mail@kurekss.lv

Phone number + 371 63624364

3. HOW YOU WILL BE INFORMED ABOUT THE PROCESSING OF YOUR DATA

In order to facilitate the transparent processing of data, the controller informs and explains in its activities what personal data are used in the course of the controller’s economic activity and how they will be used.

This information is provided in this Privacy Policy. When processing personal data for purposes not specified in this Privacy Policy, as well as to clarify information about the individual conditions of data processing, the Controller may separately inform the data subjects (for example, informative notices about video surveillance are placed in the Controller’s territory). The information may also be provided to You by the Controller’s staff, explaining it orally or refer to the information contained in certain documents.

4. PURPOSES OF THE PROCESSING OF PERSONAL DATA (PURPOSES)

4.1. Processing of personal data for recruitment purposes

4.1.1. Personal data that are processed

All the information that you will have included in the submitted CV (such as surname, personal identification number, address of residence, course of work and study / training, knowledge of languages and their application, additional knowledge / skills, telephone number, e-mail address);
All the information that you will have included in your application letter (or similar document, such as information on the reasons why you are applying for the vacancy) or attached it;
Information from persons who have provided feedback about you, if you have expressly named such persons for referral;
Information provided during the job interview, validated tests and other tests.

4.1.2. Purpose and legal basis of the processing of personal data.

Personal data is processed for the selection of the Controller’s staff and for the protection of legal interests as far as the selection of staff is concerned.

Upon receipt of your application for a particular vacancy, the Controller has a legal interest in processing your application, evaluating the information provided in it, organizing an interviewing procedure, conducting interviews and securing evidence that substantiates the legal course of the respective process. In the event of a dispute, the information obtained during the selection process may be used to reflect the legal course of the process.

The legal basis for such processing is Article 6 (1) (f) of the Regulation.

If you have expressed your wish to run for future vacancies (for example, another candidate has been selected for a particular post, however, the Controller also considers your candidacy valuable and offers to keep information about you for other vacancies, if any; or if you have sent your CV not for a specific vacancy but for a possible future vacancy, and the Controller considers your candidacy to be valuable for possible future vacancies), the Controller will continue to process your personal data for the above purpose based on your consent.

The legal basis for such processing is Article 6 (1) (a) of the Regulation until you decide to apply for a particular vacancy. When applying for a specific vacancy, the above-mentioned legal basis arises.

4.1.3. Potential recipients of personal data.

Authorized employees of the Controller, in accordance with the amount specified in their job responsibilities, observing the requirements specified in personal data protection and other regulatory enactments.
If a complaint is received about the relevant selection process, the information obtained and processed during the relevant selection process may be passed on to law enforcement or supervisory authorities, as well as to the court.

Personal data are not intended to be transferred to recipients outside the European Union or the European Economic Area.

4.1.4. Criteria used to determine the data retention period.

The controller shall store and process personal data for a period while any of following circumstances persist:

the information obtained when the candidate applies for the vacancy will be kept, in whole or in part, for a maximum of six months from the end of the specific recruitment process;
the estimated period of storage of personal data, if the Data Subject has agreed to run for future vacancies, is a maximum of two years from the receipt of the relevant consent or until the Data Subject withdraws his or her consent to the relevant data processing;
if a complaint is received about the specific selection process, then all the information processed in the selection process will be retained until the complaint is reviewed and the final settlement takes effect (for example, until the court decision comes into force).

4.2. Processing of personal data for the purpose of economic activity and fulfillment of contractual obligations

4.2.1. Processed Personal data.

The categories of data processed by the Controller depend on the specific situation in which the data is processed and the economic activities involved, such as planned or performed deliveries, regulatory requirements in the particular situation and the legitimate interests of the Controller.

The controller has the obligation and right to process the data subject’s identifying information and information proving the person’s identity and the right of representation (if the person represents another person). The controller can process the amount of personal data, which includes name, surname, personal identification number, contact information, information about the received materials, etc. The relevant information is recorded in the documentation and stored in the Controller’s data processing system.

When preparing a contract, the information necessary for the contract and arising from the contract, as well as the payment information arising from the transaction, etc., is preserved.

4.2.2. Purpose (aim) and legal basis of the processing of personal data.

The purpose of personal data processing is to ensure the economic activity of the Controller, including the start and fulfilment of contractual relations, administration of payment for purchased materials, provision and protection of legal interests of the Controller and third parties arising from economic activities (eg communication with partners, indemnification, debt recovery).

Data processing for the purpose of ensuring the economic activity of the Controller is performed on the basis of Article 6 (1) of the Regulation:

for the fulfilment of a contract to which the data subject is a party or for the fulfilment of actions at the request of the data subject prior to the conclusion of the contract (if a contract being made);
to fulfill a legal obligation applicable to the Controller;
to safeguard the legitimate interests of the Controller and third parties, for example, to organize the economic activities of the Controller, to investigate cases where complaints have been raised about received payments, to carry out follow-up inspections, and to provide evidence in the event of complaints and claims.

4.2.3. Potential recipients of personal data.

Authorized employees of the controller, in accordance with the amount specified in their job responsibilities, observing the requirements specified in personal data protection and other regulatory enactments;
Providers of accounting or legal services (for Controller) or providers of auditing services, in accordance with the terms of an agreement between the parties;
Law enforcement agencies, courts or other state and local government institutions, if it follows from regulatory enactments, and the relevant institutions have the right to the requested information, for example, to the State Revenue Service about you as a business partner;
Courts or other state institutions turning against a person who has violated the legitimate interests of the Controller.

Personal data are not intended to be transferred to recipients outside the European Union or the European Economic Area.

4.2.4. Criteria used to determine the data retention period.

The controller complies with the special regulatory enactments that stipulate its obligation to keep certain data, for example, the Law on Accounting stipulates the obligation to keep information on transactions for at least five years, observing the above, the controller acts according to the deadlines specified in regulatory enactments.

If you would like more detailed information, please contact the Controller using the contact information above.

4.3. Video surveillance is carried out in order to protect the legitimate interests of the controller or third parties and the vital interests of persons, including the protection of life.

4.3.1. Personal data being processed.

Video surveillance systems are located at the entrances to the territory of the Controller, in the territory of the Controller, as well as indoors. If the Data Subject is in the surveillance zone of the video surveillance cameras automatically save, the recording with the Data Subject (image, behavior, location) as well as the date and time of the recording.

Video surveillance is not available in areas with high privacy requirements.

4.3.2. Purpose (aim) and legal basis of the processing of personal data.

Article 6 (1) (f) (processing is necessary in the legitimate interests of the controller or of a third party) for the purpose of:

fire safety monitoring;
monitor the building and the territory;
to investigate the circumstances of a possible accident;
to prevent or detect unlawful conduct and to provide evidence, including identifying the perpetrators of damage or loss and reducing the risks of material damage.

4.3.3. Potential recipients of personal data.

The processing of personal data is performed by authorized employees of the Controller and authorized employees of the controller’s external service providers.
Personal data can be passed on to legal service providers and law enforcement agencies.

Personal data are not intended to be transferred to recipients outside the European Union or the European Economic Area.

4.3.4. Criteria used to determine the data retention period.

The controller shall store and process personal data for a period while any of following circumstances persist:

no longer than 60 (sixty) days from the moment of making the video recording;
if it is suspected that the video recording may reflect an unlawful act or an act that created or could have created circumstances that led to the unlawful act, then the relevant video recording shall be retained to the extent necessary to ensure the legitimate interests of the Controller or third parties.

4.4. To control the flow of visitors.

4.4.1. Personal data that may be processed.

Name, surname, name of the represented company, reason for the visit (justification for issuing the pass), date and time of entry / departure, car registration number, information about the delivered cargo.

4.4.2. Purpose (aim) and legal basis of the processing of personal data.

Article 6 (1) (f) (processing is necessary in the legitimate interests of the controller or of a third party) for the purpose of:

to ensure the control of the flow of visitors;
to organize the economic activity of the Controller;
for the prevention of criminal offenses relating to the protection of property;
To ensure the protection of the legal interests of the controller and third parties in the event of infringement;
to provide evidence against possible claims.

4.4.3. Potential recipients of personal data

The processing of personal data is performed by authorized employees of the Controller and authorized employees of the controller’s external service providers.
Personal data may be transferred to legal service providers and law enforcement authorities.

Personal data are not intended to be transferred to recipients outside the European Union or the European Economic Area.

4.4.4. Criteria used to determine the data retention period.

The controller shall store and process personal data for a period while any of following circumstances persist:

not longer than 60 (sixty) days from the moment of making the entry;
if it is suspected that the visit recorded in the visitor’s record may be related to an illegal act or an act that created or could have created circumstances that led to an illegal act, then the relevant visitor’s record shall be retained as necessary to ensure the legitimate interests of the Controller or third parties.

4.5. For correspondence and record keeping

4.5.1. Personal data being processed.

Using the various options to contact the Controller in writing, information related to the specific letter, request, application will be saved.

4.5.2. Purpose (aim) and legal basis of the processing of personal data.

The retention of information on the fact and content of the communication is based on Article 6 (1) (c) and (f) of the Regulation, i.e. in cases where you have lodged a claim or request raising necessity to the controller to process your request, the legal basis for the processing of data by the controller and the protection of legitimate claims (for example, to investigate cases where complaints have been received and to provide evidence against possible claims) is the legitimate interests of the controller.

4.5.3. Potential recipients of personal data.

Authorized employees of the Controller, in accordance with the scope specified in their job responsibilities.

4.5.4. Criteria used to determine the data retention period

The controller shall store and process personal data for a period while any of following circumstances persist:

until the matter is fully resolved;
as long as the Controller has an obligation specified in regulatory enactments to store the relevant data.

5. YOUR RIGHTS

5.1. The data subject has the right to request access to his / her personal data from the Controller and to receive clarifying information on what personal data about him / her is held by the Controller, for what purposes the Controller processes these personal data, categories of recipients of disclosed personal data unless the regulatory enactments allow the Controller to provide such information in a specific case (for example, the Controller may not provide the Data Subject with information on relevant state institutions that are plaintiff of criminal proceedings, subjects of operational activities or other institutions for which the regulatory enactments prohibit disclosure); information on the period for which the personal data will be stored or the criteria used to determine that period.

5.2. If the Data Subject considers that the information available to the Controller is out of date, inaccurate or incorrect, the Data Subject has the right to request the correction of his or her personal data.

5.3. The data subject has the right to request the deletion of his or her personal data or to object to the processing if the person considers that the personal data have been processed unlawfully or are no longer necessary for the purposes for which they were collected and / or processed. (i.e. to employ the right to be “forgotten”).

5.4. The personal data of the data subject may not be deleted if the processing of personal data is necessary:

5.4.1. for the controller to protect the vital interests of the Data Subject or another natural person, including life and health;

5.4.2. that the Controller or a third party raises, implements or defends its lawful (legal) interests;

5.4.3. data processing is required in accordance with the regulatory enactments binding on the Controller.

5.5. The Data Subject has the right to request that the Controller restrict the processing of the Data Subject’s personal data if one of the following circumstances exists:

5.5.1. The data subject disputes the accuracy of personal data – for the time during which the Controller can verify the accuracy of personal data;

5.5.2. The processing is unlawful and the Data Subject objects to the deletion of personal data and requests instead that the use of the data be restricted;

5.5.3. The controller no longer needs personal data for processing, but they are needed by the Data Subject to raise, enforce or defend lawful claims;

5.5.4. The data subject has objected to the processing until it has been verified that the legitimate reasons of the controller do not outweigh the legitimate interests of the data subject.

5.6. The Controller shall inform the Data Subject, before lifting the restriction on the processing of personal data of the Data Subject.

5.7. You have the right to withdraw your consent to the processing of data at any time in the same way. In this case, further processing based on the prior consent for the specific purpose will no longer take place. Withdrawal of consent does not affect data processing that took place while your consent was valid. Withdrawal of consent may not interrupt the processing of data on other legal grounds (for example, under external law or contract).

5.8. You can request the exercise of your rights:

5.8.1. in writing in person, presenting an identity document;

5.8.2. by e-mail, signing a letter with a secure electronic signature and sending it to the e-mail address mail@kurekss.lv;

5.8.3. by post to the legal address of the Controller: “Graudupi”, Targales Parish, Ventspils District.

5.9. The data subject is obliged to specify in his request, as far as possible, the date, time, place and other circumstances that would help to fulfill his request.

5.10. Upon receipt of a written request from the Data Subject for the exercise of his / her rights, the Controller shall:

5.10.1. verify the identity of the person;

5.10.2. assess the request and proceed as follows:

if the request can be met, it shall be complied as soon as possible;
if additional information is required to identify the Data Subject or to execute the request, the Controller may request additional information from the Data Subject in order to be able to execute the request correctly;
if the information is deleted or the person requesting the information is not a Data Subject or the person is not identifiable, the Controller may reject the request.

5.11. The data subject has the right to submit a complaint to the Data State Inspectorate if it considers that the controller has processed his or her personal data unlawfully.

In case of any disputes and disagreements the English wording will prevail.