GENERAL INFORMATION ON THE PROCESSING OF PERSONAL DATA
Who is processing your personal data?
Your personal data are processed by a controller – SIA LEGAL BALANCE (hereinafter – the Company).
Company’s contact information – address: Bērzaunes iela 1, Rīga, LV-1039, e-mail: info@legalbalance.lv; phone: +37167118478.
Data Protection Officer – address: Bērzaunes iela 1, Rīga, LV-1039, e-mail: info@legalbalance.lv.
How does the Company ensure the lawfulness of the processing of your personal data?
Your personal data are being processed based on the European Union General Data Protection Regulation, Law of the Republic of Latvia on the Processing of Personal Data, special legal norms included in various laws and regulations of the European Union and the Republic of Latvia (e.g. Law on Extrajudicial Recovery of Debt, the Civil Law, Civil Procedure Law, Law on the Prevention of Money Laundering and Terrorism Financing), Company’s Debt Recovery Service Procedure, Company’s Complaints procedure and other Company’s regulatory documents.
The laws and regulations lay down that the Company is entitled to process your personal data only if the Company (i) has previously determined the purposes of processing of your personal data, (ii) has determined the amount of your personal data required to accomplish the pre-determined purpose, (iii) has a legal basis to process your personal data and (iv) has provided you with information on your rights within the context of personal data processing.
The Company processes your personal data according to the standard procedure based on:
-
the performance of the agreement you are a party to or based on taking measures at your request prior to the conclusion of an agreement;
-
the necessity to fulfil a legal obligation applicable to the Company;
-
the consideration of legitimate interests of the Company or a third party;
-
your consent to the processing of your personal data for one or several specific purposes.
When the Company has a business or commercial legal interest to process your personal data or the legal interest that is based on the protection of legitimate interests of the Company or a third party, your personal data are processed “for the consideration of legitimate interests”. However, in these cases, too, the Company processes your personal data in good faith, taking into account your interests or fundamental rights and freedoms that require protection of personal data.
Requirements of the laws and regulations provide for an obligation to process the data of special categories in a particular way – i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership and genetic data, biometric data processed solely to identify a natural person, health-related data or data concerning a person’s sex life or sexual orientation, and data on criminal convictions and offences or related security measures. The Company has the right to acquire and process the data of special categories only with your consent, except for the cases when the laws and regulations directly allow or oblige the Company to acquire and process such personal data. In the cases above, the Company will process the data of special categories based on:
-
significant public interests arising from the laws and regulations of the European Union or the Republic of Latvia that are proportionate to the purpose advanced, considering the essence of the rights to data protection and providing for appropriate and specific measures for the protection of your fundamental rights and interests;
-
the necessity to establish, exercise or defend legal claims.
IMPORTANT: According to the general procedure, the Company is not processing the data of special categories.
IMPORTANT: In this document by the services provided by the Company we mean both – the services provided by the Company to its clients – creditors, and the activities that the Company carries out in relation to its clients - debtors on the basis of Law on Extrajudicial Recovery of Debt and other regulatory enactments. Consequently, when talking about the Company's clients, both creditors and debtors are meant, unless the individual status of these clients is singled out.
Please see below the purposes, legal basis and the Company’s legitimate interests in the processing of your personal data:
Reasons why the Company processes your personal data:
|
Legal basis for the processing of your personal data:
|
Company’s legitimate interests in the processing of your personal data:
|
Provision of services
|
||
|
|
|
Improvement of service provision (commercial practice)
|
||
|
|
|
Management of service provision (activities)
|
||
|
|
|
Crime prevention, security and risk management
|
||
|
|
|
Debt recovery practice management
|
||
|
|
|
|
|
-
|
Management of the processing of data of special categories
|
||
|
|
|
|
|
|
|
|
What are the personal data the Company processes?
To provide you with services of a consistently high quality and be able to offer you products that meet your needs, the Company uses personal data of various types. The personal data processed by the Company are grouped into categories for the Company to be able to manage them in the most efficient way and for you to be able to see the amount of client information managed by the Company. The Company does not use all personal data the same way – some of the types of personal data are useful for marketing purposes, others – for provision of direct services or for fulfilment of legal obligations applicable to the Company. At the same time, the Company guarantees to its clients that the personal data under the Company’s management are being processed according to the highest security standards in the field of personal data processing.
Creditor
|
|
Personal data categories
|
Description
|
Basic (identification) data
|
Name, surname, identity number, date of birth, language of communication etc.
|
Contact information
|
Address of the declared place of residence, postal address, phone number, e-mail address etc.
|
Financial data
|
Basic information on a settlement account or card, information on income and assets etc.
|
Debt recovery service data
|
Data and information contained in the documents submitted for debt recovery
|
Data characterising the behaviour and habits
|
Information on the origin of funds, business area etc.
|
Tele- and e-communication data
|
Flow data, location data, identification information, audio recording etc.
|
Authentication details
|
User name, password, PIN code etc.
|
Data of special categories
|
Information on a politically exposed person, etc.
|
Data obtained when fulfilling legal obligations
|
Information obtained upon request of investigating authorities, tax authorities etc.
|
Debtor
|
|
Personal data categories
|
Description
|
Basic (identification) data
|
Name, surname, identity number, date of birth, language of communication etc.
|
Contact information
|
Address of the declared place of residence, postal address, phone number, e-mail address etc.
|
Financial data
|
Basic information on a settlement account or card, information on income and assets etc.
|
Debt recovery service data
|
Data and information contained in the documents submitted for debt recovery, Data extracted from the debt recovery process that is not included in other specified personal data categories
|
Data characterising the behaviour and habits
|
Information on the origin of funds, business area or the working place where the person has provided such information etc.
|
Tele- and e-communication data
|
Flow data, identification information, audio recording etc.
|
Data of special categories
|
Information on a politically exposed person, etc.
|
Data obtained when fulfilling legal obligations
|
Information obtained upon request of investigating authorities, tax authorities etc.
|
Person related to creditor or debtor
|
|
Personal data categories
|
Description
|
Basic (identification) data
|
Name, surname, language of communication etc.
|
Contact information
|
Postal address, phone number, e-mail address etc.
|
Other persons
|
|
Personal data categories
|
Description
|
Basic (identification) data
|
Name, surname etc.
|
Contact information
|
Phone number, e-mail address etc.
|
How does the Company receive your personal data?
Creditor
(1) Personal data provided to the Company by you yourself:
-
when you apply for the Company’s services;
-
when you contact the Company and talk to the Company’s specialists by phone or meet and talk to the Company’s specialists in person, incl. records of telephone conversations or notes made by the Company’s specialists during the meeting;
-
when you use the Company’s homepage, the Company’s website www.eparadi.lv, online conversations, etc.;
-
from your e-mails and mails or courier parcels;
-
from your applications, complaints and other documents you have submitted;
-
from interviews;
-
from customer surveys.
(2) Personal data obtained by the Company when you use the Company’s services
-
Payment and transfer data
-
Profile and homepage or website usage data
IMPORTANT: The said data include security details you have created and use to access the Company’s services. The said data include also your settings and the choice of commercial communication. Moreover, the Company collects data also from the devices you use (e.g. computers and mobile phones) for you to be able to establish a connection with the Company in a fast and convenient way. Additionally, the Company uses cookies and other internet usage habit research tools to collect data when you use the Company’s homepage, website or mobile applications. For more information on the usage of cookies, see Section Cookies in the Privacy Policy.
(3) Personal data obtained by the Company from third parties (incl. external databases):
-
Payment institutions that you use to apply for or settle for the services of the Company;
-
social networks (e.g. by clicking on one of our Facebook or Google ads);
-
public registers (e.g. Register of Enterprises, Credit Information Office, Lursoft Ltd. databases);
-
Company’s representatives, contractors or other third parties who process personal data on behalf or by order of the Company;
-
market researchers who obtain and examine information from various sources to prepare market trend reports or provide appropriate advices;
-
other debt recovery service providers who help to prevent, detect and hold liable for illegal and fraudulent activities;
-
state (incl. law enforcement) authorities.
IMPORTANT: The persons and institutions above help the Company to maintain the services and advise the Company on business development and improvement opportunities.
Debtor
(1) Personal data provided to the Company by you yourself:
-
when you contact the Company and talk to the Company’s specialists by phone or meet and talk to the Company’s specialists in person, incl. records of telephone conversations or notes made by the Company’s specialists during the meeting;
-
when you use the Company’s homepage or online conversations, etc.;
-
from your e-mails and mails or courier parcels;
-
from your applications, complaints and other documents you have submitted;
-
from interviews;
-
from customer surveys.
(2) Personal data obtained by the Company when you use the Company’s services
-
Payment and transfer data
-
Homepage usage data
IMPORTANT: The said data include security details you have created and use to access the Company’s services. The said data include also your settings and the choice of commercial communication. Moreover, the Company collects data also from the devices you use (e.g. computers and mobile phones) for you to be able to establish a connection with the Company in a fast and convenient way. Additionally, the Company uses cookies and other internet usage habit research tools to collect data when you use the Company’s homepage, website or mobile applications. For more information on the usage of cookies, see Section Cookies in the Privacy Policy.
(3) Personal data obtained by the Company from third parties (incl. external databases):
-
Documents submitted by the creditor confirming the existence of the debt;
-
Payment institutions that you use to make payments in an extrajudicial debt recovery process or settle for services rendered by the Company;
-
social networks (e.g. by clicking on one of our Facebook or Google ads);
-
public registers (e.g. Register of Enterprises, Credit Information Office, Lursoft Ltd. databases);
-
Company’s representatives, contractors or other third parties who process personal data on behalf or by order of the Company;
-
market researchers who obtain and examine information from various sources to prepare market trend reports or provide appropriate advices;
-
other debt recovery service providers who help to prevent, detect and hold liable for illegal and fraudulent activities;
-
state (incl. law enforcement) authorities.
IMPORTANT: The persons and institutions above help the Company to maintain the services, especially in IT field, and advise the Company on business development and improvement opportunities.
For how long does the Company store your personal data?
According to the general procedure, the Company is entitled to store your personal data for 10 years as from the moment of termination of business relationships unless the laws and regulations set other time-limits for storing the data. The Company complies with this general time limit for storing the client’s personal data:
-
to respond to questions or complaints or demonstrate that the Company has fulfilled its obligations towards you in good faith;
-
to conduct the Company’s in-house researches (e.g. on changes in the clients’ habits);
-
to meet the requirements of the laws and regulations that provide for storage of various types of documentary information.
IMPORTANT: Upon expiry of the data storage period, your personal data are being destroyed in a secure way.
What are the possible consequences if you choose not to provide your personal data (or other information) upon the Company’s request?
The Company might need to obtain your personal data (or other information) according to the requirements of the laws and regulations or for the Company to be able to conclude or perform an agreement with you. If you choose not to provide the information (incl. personal data) requested by the Company, it may limit the Company’s possibilities to perform an agreement concluded with you, or delay or preclude the Company from fulfilling legal obligation applicable thereto according to the requirements of the laws and regulations.
IMPORTANT (for creditors): If due to your choice not to provide the Company’s requested information (incl. personal data) the Company is unable to implement the policy relating to the fulfilment of regulatory requirements and servicing of your transactions, the Company will most probably discontinue provision of the services to you.
IMPORTANT (for debtors): If due to your choice not to provide the Company’s requested information (incl. personal data) the Company is unable to implement its legitimate interests (i.e. activities stated by law) relating to the extrajudicial debt recovery process, the Company will most probably seek for the final resolution in the court.
IMPORTANT: The Company may request you to submit information that it finds useful for the purposes other than fulfilment of legal obligations applicable to the Company, performance of an agreement or carrying out measures prior to the conclusion of an agreement. If in such cases the Company requests you to provide information about yourself, the Company will previously inform you of the purposes of processing of your personal data and will explain separately whether it is mandatory for you to provide these additional personal data (or any other information) and how it will affect the delivery of service to you.
What are your rights in relation to the processing of your personal data?
You have the following rights:
-
to access your personal data and forward them; in particular, you are entitled:
-
to obtain additional information about the processing of your personal data irrespective of what type of information you already have;
-
to receive an electronic copy of your personal data processed by the Company;
IMPORTANT: The Company is not obliged to provide a client with the copies of the documents at the Company’s disposal, and the Company does not provide a client with the information that contains data of a third party.
-
The Company may provide you with a copy of your personal data in an electronic form, which may be used by you repeatedly, in particular, you yourself may submit it to other institutions or request the Company to forward it.
-
to amend or delete your personal data:
-
you are entitled to amend your personal data if they have changed or you have grounds to believe that your personal data processed by the Company are not accurate.
IMPORTANT: The client is responsible for the accuracy of the submitted personal data (or other information) and for providing the Company with correct and updated information about the client. The creditor is responsible for the lawfulness of the processing of personal data concerning the debtor and other persons in the extrajudicial debt recovery process, in particular the lawfulness of the acquisition and transfer of such data. The Company has neither the obligation to amend the client’s personal data at Company’s own discretion, nor the obligation to search – at its own discretion – for the client’s personal data in third parties’ databases to keep the Company’s client databases accurate and updated.
-
You are entitled to request the Company to delete your personal data, and the Company will do it if the Company does not need these personal data anymore for the purposes which the data were collected or processed in any other way.
IMPORTANT: The Company will not be able to delete the client’s personal data if the laws and regulations provide for a legal obligation to store such personal data or the Company’s legitimate interests are more important than the client’s rights infringed by non-deletion of the personal data.
-
to limit the processing of your personal data:
-
you are entitled to request the Company to limit the processing of your personal data (or certain processing activities), which means that the Company could store and process your personal data only to establish, exercise or defend the Company’s legal claims. You are entitled to limit the processing of your personal data if (i) they are not accurate, (ii) they are being processed unlawfully but you do not want to delete them, (iii) their processing is not required anymore but you want to establish, exercise or defend your legal claims, (iv) you have already exercised your right to object to the processing of your personal data but you are waiting for the Company’s assessment whether the Company is entitled to further process your personal data based on the Company or third party’s legitimate interests.
IMPORTANT (for creditors): By exercising the right to limit the processing of your personal data, the delivery of services to you could be limited for some time – i.e. the Company’s services would be available to you in a limited amount or could even be unavailable for some time.
-
to object to the processing of your personal data:
-
you are entitled to object to the processing of your personal data if the objection is based on serving the Company or third party’s legitimate interests, and your rights, interests and freedoms are more important than the said Company or third party’s legitimate interests;
-
you are entitled to object to the processing of your personal data for (direct) marketing purposes;
-
in relation to the automated individual decisions:
-
you are entitled to make the Company’s specialist participate in taking such decisions or request that the Company does not take a decision based on an automated calculation only.
How does the Company process your personal data for marketing purposes, in particular, to prepare commercial offers for you?
The Company at this moment does not carry out marketing activities, therefore, your data processing for marketing purposes is not carried out.
How does the Company process your personal data, taking automated individual decisions?
The Company at this moment does not use automated systems to make decisions without engaging the Company’s specialists in relation to you or your company.
Whom your personal data can be given to?
The Company may pass your personal data (incl. other information) to external organisations to ensure provision of the Company’s services, manage the Company’s business (e.g. to external auditors) and fulfil legal obligations applicable to the Company (e.g. to supervisory authorities).
The Company may pass your personal data (incl. other information) to the following external organisations:
-
Company’s parent company UAB “LEGAL BALANCE” – depending on your chosen Company’s services;
-
public institutions – depending on the legal obligation the Company must fulfil, e.g. to the Consumer Rights Protection Centre, the State Revenue Service, the Control Service;
-
persons or organisations involved in the provision of Company’s services – depending on your chosen Company’s services, e.g. to the Company’s representatives, contractors or other third parties who process personal data on behalf or by order of the Company;
-
various registers – depending on your chosen Company’s services or the services that Company provides to you, e.g. to the Credit Information Office;
IMPORTANT: The Company processes your personal data in cooperation with insurance service providers or investment service providers if you have chosen the respective products, therefore under this cooperation your personal data can be communicated to the representatives of these organisations.
Are your personal data being communicated beyond the European Union or the European Economic Area?
The Company is not transferring your personal data (incl. information on you) beyond the European Union or the European Economic Area.
Which of the Company's regulatory documents regulate the processing of your personal data?
The processing of your personal data is regulated and your rights in the field of protection and legality of processing of personal data are protected by:
-
the Company’s Provisions for the Processing of Personal Data (in force since 25 May 2018).
Are you entitled to submit a proposal or complaint?
The Company is a responsible controller of your personal data. To demonstrate clearly that the Company performs a lawful, fair and transparent processing of your personal data, the Company has created and maintains a system of accountability that is based on:
-
timely informing of clients about the processing of personal data and exercising of the clients’ access rights;
-
assessment of the impact of the processing of personal data if the planned activities related to the processing of personal data could put at high risk your rights and freedoms, as well as on the registration of personal data proceedings activities;
-
timely detection and comprehensive investigation of safety incidents related to the security of personal data, as well as on reporting about personal data breaches to the Data State Inspectorate and clients;
-
transparent cooperation with service providers who on behalf of the Company provide financial and other services or ensure the processing of your personal data by order of the Company;
-
regular training of the Company’s employees and assessment of the compliance of the system of personal data protection and of the legality of personal data processing.
However, if you have any suggestions or objections regarding the processing of personal data performed by the Company, you are entitled to submit to the Company a suggestion, feedback, application or complaint. You may submit an application or complaint in a way that is most convenient for you:
-
in the form of an electronic document (signed with a secure electronic signature), sending it to the Company’s e-mail: info@legalbalance.lv;
-
by mail (incl. delivery by courier) in paper format to the Company’s correspondence address in Bērzaunes iela 1, Rīga, LV-1039, ensuring that the application is signed.
IMPORTANT: If you file a complaint, the complaint will be considered by the Company’s experts, consulting with Data Protection Officer. The Company, when considering complaints or suggestions, is governed by the Company’s regulatory documents, valid laws and regulations of the Republic of Latvia, valid binding legislation (regulations, directives, decisions, case-law) of the European Union, recommendations of the Data State Inspectorate, guidelines, recommendations and best practice of the European Data Protection Board, rules and recommendations of the Consumer Rights Protection Centre.
Moreover, you are entitled to file a complaint to the Data State Inspectorate regarding the non-compliance of the Company’s performed processing of personal data with the requirements of the laws and regulations in the field of protection of data of natural persons. A complaint to the Data State Inspectorate may be filed by:
-
placing it in the mail box of the Data State Inspectorate in Riga, 11/13 Blaumaņa Street, 1st storey;
-
sending it electronically (according to Section 1(2) of the Electronic Documents Law, signed with a secure electronic signature) to the e-mail address info@dvi.gov.lv;
-
sending it by mail to the address: 11/13-15 Blaumaņa Street, Riga, LV-1011.
Yours faithfully,
SIA “LEGAL BALANCE”