PRIVACY POLICY
Data Controller
SIA Legal Balance, legal entity code 40203125480, address Marijas st. 2A, Riga LV-1050, telephone number +371 66778830, e-mail address info@legalbalance.lv, website www.legalbalance.lv.
1. TERMS USED
1.1. Personal Data shall mean any information relating to a natural person, i.e. a data subject, whose identity is known or can be established, directly or indirectly, by reference to data such as a personal identification number, one or more factors specific to that person, such as his/her physical, physiological, psychological, economic, cultural or social background, location data, and an online identifier.
1.2. Company shall mean SIA Legal Balance, legal entity code 40203125480, address Marijas st. 2A, Riga LV-1050.
1.3. Customer shall mean a natural person or legal entity who uses (has used or intends to use in the future) the Company's debt collection services and/or assign the claim rights.
1.4. Data Subject shall mean a natural person who uses the Company's services or provides services/goods to the Company, or is interested in the possibility of employment with the Company, or is a representative of a legal entity, or is a person who browses the Website, or any person whose data is processed by the Company.
1.5. IP Address shall mean a unique number that identifies the computer, telephone, tablet or other device that connects to the internet. The IP address can be used to identify the country where the computer connects to the internet.
1.6. Privacy Policy shall mean this document, which sets out the basic rules for the collection, storage, processing and retention of Personal Data applicable when visiting the Website, as well as the rights of Data Subjects and the procedures for their implementation applicable to the Company.
1.7. Self-Service Area shall mean an account of the Company's Customers (natural persons or legal entities) on the Website, where the Customers are given the opportunity to submit debts to the Company for collection, to provide the Company with additional information and documents, and where the Company can provide to the Customers the reports on the collection results, as well as other information.
1.8. Debtor shall mean a natural person or legal entity who has a valid monetary obligation under the legislation of the Republic of Latvia to the Company's Customer or to the Company.
1.9. Debtor ID shall mean a unique identification number assigned to each Debtor.
1.10. Cookies shall mean small files placed on a computer, telephone, tablet or other device used by any person visiting the Website, which the Website uses to identify the device. This shall include not only cookies, but also the use of similar types of tools.
1.11. Website shall mean the website operated by the Company www.legalbalance.lv.
1.12. Regulation shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.13. Profiling is a part of the automated individual decision-making process used to analyze certain personal data of an individual, such as their financial situation, reliability, and ability to pay, in order to enhance the individual's experience in the debt recovery process, personalize the services provided by the Company, and ensure a faster and more efficient debt recovery process.
2. GENERAL PROVISIONS
2.1. In this Privacy Policy, we provide you with information about how Company processes Personal Data of visitors of the Website, potential employees (candidates), Customers, Debtors and other data subjects. Additional information may be contained in claim assignment agreements, service agreements and other agreements that you enter into with the Company.
2.2. This Privacy Policy shall not address the Company's processing of Personal Data when you visit other websites of the Company, or when you use services published by the Company on or through other websites. If you visit other websites of the Company, or use services published or provided by the Company on such websites, your Personal Data shall be processed in accordance with the information provided on those websites. In such a case, please have a good look at the Privacy Policies posted on other websites of the Company.
2.3. The processing of personal data in the Company shall be governed by the Regulation and other legal acts of Republic of Latvia, as well as the local acts of the Company.
3. PRINCIPLES OF PERSONAL DATA PROCESSING
3.1. The scope of personal data processed depends on the services requested or used by the Data Subject and the information provided by the Data Subject when requesting and/or using the services, visiting the Website, or submitting his/her data for the purposes of employment with the Company.
3.2. The processing of personal data shall be carried out only under one of the criteria for lawful processing, e.g. to ensure the provision of the services published on the Company's websites; with the consent of the individual; where the Company is obliged to process personal data by the relevant legislation; where the processing of personal data is necessary for the purposes of the legitimate interest of the Company or of the legitimate interest of a third party, including creditors.
3.3. We aim to process Personal Data accurately, fairly and lawfully, and to process it only for the purposes for which it is collected, in accordance with the clear and transparent principles and requirements for the processing of personal data as set out in law.
3.4. You are not obliged to provide any Personal Data, but it is possible that certain services may not be provided unless Personal Data is provided.
4. EXTENT, PURPOSES, GROUNDS FOR PROCESSING PERSONAL DATA
4.1. Conclusion and execution of contracts with Customers
4.1.1. In order to conclude and execute claim assignment and legal service agreements, we shall process the following personal data of our Customers who are natural persons: name, surname, personal identification number, address of place of residence, contact information (e-mail, telephone number), bank account number, other information provided by the customer in order to receive legal services.
4.1.2. In order to conclude and execute claim assignment and legal service agreements with our Customers which are legal entities, we shall process the following personal data of the representatives of our customers which are legal entities: name, surname, position, basis of representation, documents confirming the right to represent the customer.
4.1.3. In order to administer Customer accounts in the Self-Service Area, we shall process the following Customer data: e-mail address, password.
4.1.4. Sources of personal data: data subject, Customers which are legal entities.
4.1.5. Legal basis: processing is necessary for the performance of a contract or to take action at the request of the data subject prior to the conclusion of a contract (Article 6(1)(b) of the Regulation); processing is necessary for the purposes of the legitimate interests of the Company in concluding a contract with a Customer which is a legal entity (Article 6(1)(f) of the Regulation).
4.1.6. Retention period: the data shall be processed for as long as the contract with the Customer is valid, after which the data shall be retained for a period of 10 (ten) years for the purpose of exercising or defending the Company's legal claims as well as for the purpose of fulfilling the Company's obligation to archive the documents in accordance with the legal provisions.
4.1.7. Customers shall be obliged to protect their password and login to the Self-Service Area and not to disclose their login to the Self-Service Area to any third party. We shall not be liable if the Customer's data is unlawfully altered, disclosed, destroyed, or the Customer's identity is stolen or otherwise fraudulently used in connection with the use of the Customer's login credentials, whether due to the fault or negligence of the Customer.
4.2. Assessment of debt recovery possibilities for the purpose of concluding a claim assignment agreement
4.2.1. In order to conclude a claim assignment agreement, i.e. to assess the financial capacity of the debtors who are natural persons to perform the contract from which the debt arises and to settle the debt, and to determine the commercial terms of the claim assignment agreement proposed by the Company, we shall process the following personal data of debtors: name, surname, personal identification number/date of birth, contact information (e-mail, telephone number), residential address, documents supporting the debt, amount of the debt, circumstances and date on which the debt was incurred, the fact and date on which the debt or part of it was settled and any other data provided by the data subject or his/her creditor (e.g. social account data), workplace, marital status (spouse’s name, surname, personal identification number/date of birth, workplace, assets), assets held, number/extent of enforcement proceedings, data on other creditors of the Debtor, data from registers, credit history from the Credit Information Bureau (AS Kredītinformācijas Birojs) and SIA “Lursoft IT” databases. If the Debtor is a legal entity, we shall process the following personal data about the manager and shareholders/beneficial owners of the legal entity for the purpose indicated: name, surname, personal identification number/date of birth, residential address, contact details (e-mail, telephone number).
4.2.2. Sources of personal data: the original creditor, Credit Information Bureau (AS Kredītinformācijas Birojs), The Office of Citizenship and Migration Affairs (Pilsonības un migrācijas lietu pārvalde), Enterprise Register (Uzņēmuma reģistrs), SIA “Lursoft IT”.
4.2.3. Legal basis: the processing is necessary for the purposes of the legitimate interests of the Company in concluding the claim assignment agreement (Article 6(1)(f) of the Regulation).
4.2.4. Retention period: Until the conclusion of the claim assignment agreement or for 2 years after the assessment of the debts unless the original creditor orders the data to be destroyed immediately.
4.3. Debt collection
4.3.1. In order to collect debts which are acquired by the Company from the original creditors or which are administered by the Company on the basis of a legal services agreement, we shall process the following personal data of debtors: name, surname, personal identification number/date of birth, contact information (e-mail, telephone number), residential address, documents supporting the debt, amount of the debt, circumstances and date of incurrence of the debt, fact and date of settlement of the debt or part of the debt, other data provided by the data subject himself/herself or by the data subject's creditor (Customer) (e.g. social account data), workplace, marital status (spouse's name, personal identification number/date of birth, workplace, assets), assets held, number/extent of enforcement proceedings, details of the debtor's other creditors, data from registers, credit history from the Credit Information Bureau (AS Kredītinformācijas Birojs) and SIA “Lursoft IT” databases. If the debtor is a legal entity, we shall process the following personal data about the managers, shareholders and beneficial owners of the legal entity: name, surname, personal identification number/date of birth, residential address, contact information (e-mail, telephone number).
4.3.2. Sources of personal data: The Customer, partners (debt collection companies) of the cross-border collection platforms (EOS Cross-border, etc.), bailiffs, the data subject, courts, Credit Information Bureau (AS Kredītinformācijas Birojs), The Office of Citizenship and Migration Affairs (Pilsonības un migrācijas lietu pārvalde), Enterprise Register (Uzņēmuma reģistrs), SIA “Lursoft IT”, social networking sites, UAB "Okredo", other publicly available sources, provided that such data are necessary for the provision of debt collection or other services, including the assessment of the possibility of debt collection.
4.3.3. Legal basis: the processing is necessary for the purposes of the legitimate interests of the Company or of its Customers (Article 6(1)(f) of the Regulation).
4.3.4. Retention period: 10 years after the end of the contractual relationship (after the debt has been collected or a document confirming that the debt cannot be collected has been concluded), or until the Customer instructs us to delete the data.
4.3.5. Data recipients: Credit Information Bureau (AS Kredītinformācijas Birojs) (for more information on the transfer of data to AS Kredītinformācijas Birojs, please refer to Clause 5.5. of the Privacy Policy), bailiffs, courts, notaries, insolvency administrators, The Office of Citizenship and Migration Affairs (Pilsonības un migrācijas lietu pārvalde), Enterprise Register (Uzņēmuma reģistrs), the Customer, payment service providers.
4.4. Provision of information to Debtors or Customers
4.4.1. In order to efficiently carry out debt collection activities, i.e. to inform the Debtors about the debt, change of creditor or other related circumstances, the Company shall inform the Debtors by mail or by using an automated texting, calling and e-mailing programme implemented in the Company's managed information systems. The Company may use a data processor for this purpose. When informing Debtors about the debts to be repaid, we process the following Debtors' personal data, depending on the method of informing Debtors:
4.4.1.1. If Debtors are informed by SMS: telephone number, content of the SMS message.
4.4.1.2. If Debtors are informed by e-mail: e-mail address, content of e-mail.
4.4.1.3. If Debtors are informed by telephone call: telephone number, content of audio message.
4.4.1.4. If Debtors are informed by mail: name, surname, address.
4.4.2. Sources of personal data: original creditor, customer, data subject.
4.4.3. Legal basis: the processing is necessary for the legitimate interests of the Company to inform the Debtors about their financial obligations (Article 6(1)(f) of the Regulation).
4.4.4. Retention period: 10 years after the end of the contractual relationship (after the debt has been collected or a document confirming that the debt cannot be collected has been concluded).
4.4.5. Data recipients: postal service providers.
4.4.6. For the purpose of informing debtors, the Company shall also uses an automated communication application via various online platforms such as Messenger, Viber, Whatsapp, etc., which is provided by various service providers (data processors). Categories of personal data communicated to the data processors: name, surname, telephone number, amount of the debt, legal grounds of the debt, creditor and other information constituting personal data that may be provided or received through this communication channel.
4.4.7. For the purpose of informing debtors and Customers, the Company shall also use automated e-mail sending platform VivaSend, the administrator of which is a third party (data processor), to whom the Company may transmit your e-mail addresses, and the content of the information sent. Platform administrator shall ensure the use of technologies compliant with standards in this area when providing e-mail services and may collect information on the date of reading the e-mail, the data subject's actions after opening the e-mail and other information for this purpose. VivaSend's Privacy Policy can be found here: https://vivasend.lt/privatumo-ir-slapuku-politika/.
4.4.8. For the purpose of informing Debtors, the Company shall maintain unique Debtor ID numbers and enable Debtors to find out about amounts due to the Company and/or the Company's Customers (debts administered by the Company) by entering the Debtor ID in the designated area of the Website.
4.5. Prevention of money laundering and terrorist financing
4.5.1. The Company, in compliance with its obligations under legal acts regarding the prevention of money laundering and terrorist financing, processes data on the involvement of existing and potential Customers and Debtors in politics and financial sanctions imposed on them, if the Customer or Debtor is a legal entity, information about the beneficial owners of this legal entity, members of the management bodies and other information that the Company must collect and process in accordance with the procedure established by law (name, surname, personal identification number, date of birth, nationality, country of residence, position, origin of the money, participation in politics, financial sanctions and any other personal data, which may comprise the content of the documents submitted to the Company).
4.5.2. Sources of personal data: the data subject, the Customer (legal entity), Financial Intelligence Service (Finanšu izlūkošanas dienests), State Revenue Service (Valsts ieņēmumu dienests), SIA “Lursoft IT”, various databases of financial sanctions and politically exposed persons.
4.5.3. Legal basis: the processing of data is necessary to comply with a legal obligation (Article 6(1)(c) of the Regulation).
4.5.4. Retention period: the data shall be processed for as long as the contract concluded with the Customer is valid, after which the data shall be retained for 10 years for the purpose of exercising or defending the Company's legal claims and for the purpose of fulfilling the Company's statutory obligation to archive documents. If the contract with the Customer is not concluded, the data shall be retained for 5 years from the moment the data is received.
4.5.5. Data recipients: Financial Intelligence Service (Finanšu izlūkošanas dienests), State Revenue Service (Valsts ieņēmumu dienests), Enterprise Register (Uzņēmuma reģistrs), CRPC (Patērētāju tiesību aizsardzības centrs).
4.6. Recording Conversations
4.6.1. In order to ensure the quality of our services, to establish uniform practices, and to objectively deal with data subjects' requests or complaints, we record calls and process the following personal data of callers: telephone number, audio recording, and the metadata of the audio recording (the date of the call and the time at which the call started and ended). Before the start of the call, we shall inform you that the call is being recorded. By continuing the call, you consent to the recording of the call. If you do not agree to the conversation being recorded, you are welcome to contact the Company by e-mail.
4.6.2. Sources of personal data: data subject.
4.6.3. Legal basis: consent of the data subject (Article 6(1)(a) of the Regulation).
4.6.4. Retention period: for the purposes set out in this Clause, your personal data shall be processed for a period of one year from the receipt of the personal data. Where there are reasonable grounds to believe that the call recording material records the commission of a criminal offence or other unlawful acts, the necessary data from the call recording shall be transferred to secure media and retained in perpetuity for as long as there is an objective need for them to do so, even after the expiration of the term for retention of the call recordings referred to in this Clause.
4.6.5. Data recipients: courts, law enforcement and other public authorities.
4.6.6. For the purposes set out in this Clause, your personal data shall only be processed if the call takes place using telephone numbers assigned to the Company. The Company's telephone numbers shall be published on the Website.
4.6.7. To listen to call recordings or to obtain copies thereof, please contact the Company in accordance with the procedures set out in this Privacy Policy.
4.7. Inquiry Administration
4.7.1. When administering inquiries submitted on the Company's Website, we shall process the following personal data of the inquirers: name, surname, contact details (telephone number, e-mail address), inquiry which may contain other personal data.
4.7.2. Sources of personal data: data subject.
4.7.3. Legal basis: processing is necessary for the legitimate interests of the Company in administering inquiries (Article 6(1)(f) of the Regulation).
4.7.4. Retention period: 10 years from the time of data collection.
4.8. Direct Marketing
4.8.1. For direct marketing purposes, the Company shall process the following personal data: name, surname, e-mail address, telephone number.
4.8.2. Sources of personal data: data subject.
4.8.3. Legal basis: consent of the data subject (Article 6(1)(a) of the Regulation).
4.8.4. Retention period: the data shall be processed for a period of 5 years from the receipt of the data subject's consent or until you withdraw your consent to the processing of personal data. If you withdraw your consent to the processing of your personal data for the purpose(s) set out in this Clause, only the fact of your consent shall be retained for a period of 10 years from the expiry of the consent period or the withdrawal for the purpose of exercising or defending any legal claims of the Company.
4.8.5. You shall have the right to unsubscribe from promotional communications sent by the Company at any time, and you shall have the right to object to the processing of your personal data for the purpose of direct marketing, without giving reasons for your objection. You may exercise your right to object to the processing of personal data for the purpose of direct marketing in the following ways:
- by clicking on the link in each e-mail sent to you;
- by contacting the Company by e-mail dpo@legalbalance.lv and indicating in the e-mail your name, surname and the telephone number or e-mail address where you do not wish to receive information.
4.9. Development and maintenance of business relationships
4.9.1. In order to develop and maintain business relationships, we shall process the following personal data of employees and representatives of business entities (partners, suppliers, customers, potential customers): name, surname, position, contact details (telephone number, e-mail address).
4.9.2. Sources of personal data: data subject, publicly available information.
4.9.3. Legal basis: the processing is necessary for the legitimate interests of the Company in developing and maintaining business relations (Article 6(1)(f) of the Regulation) and the data subject's consent to the sharing of his/her contacts in the business clubs/transfer of his/her contacts to third parties (Article 6(1)(a) of the Regulation).
4.9.4. Retention period: 10 years after the end of the contractual relationship or the moment of data collection (in the absence of a contract with the data subject).
4.10. Assurance of the Functionality of the Website, Collection of Statistical Information
4.10.1. In order to improve the Website, to update marketing campaigns, to analyse and collect statistics on visitors to the Website, and to ensure the proper functioning of the Website, the Website shall use cookies, plug-ins and similar technologies. For this purpose, the Company shall process the following personal data of visitors to the Website: IP address, time of access to visitor accounts, Website browsing history and date. Website visitor statistics shall be analysed using Google Analytics cookies. The information collected by Google Analytics cookies about your browsing history shall be transmitted to and stored on Google servers.
4.10.2. Sources of personal data: data subject, Cookies and similar technologies.
4.10.3. Legal basis: the processing of the data is necessary for the legitimate interests of the Company to ensure the proper functioning of the Website (for this purpose the only the necessary cookies are used to collect the data) (Article 6(1)(f) of the Regulation), and the data subject's consent (personal data collected by means of non-essential cookies shall be used for this purpose) (Article 6(1)(a) of the Regulation).
4.10.4. Retention period: the retention period of personal data depends on the specific cookie used to collect the personal data, but in all cases the retention period shall not exceed 2 years. The specific terms shall be set out in the Website's Cookie Policy.
4.11. Promotion of the Company's visibility (Social media management)
4.11.1. The information you provide on social network profiles operated by the Company (including messages, the use of the “Like” and “Follow” buttons, and other communications), or that you receive when you visit the Company's accounts (including information obtained through the use of cookies used by the social network operators), is under the control of the operator of the social network. We therefore recommend that you read the privacy policy of the social network operator, where you can find all the information about the categories of personal data collected, the retention periods, recipients, etc.
4.11.2. Legal basis: the processing of personal data is necessary for the legitimate interests of the Company to promote the visibility of the Company (Article 6(1)(f) of the Regulation).
4.11.3. As the administrator of Company’s social media account, we shall choose the appropriate settings based on our target audience and promotion objectives. The social network operator may restrict the ability of the Company to change certain essential settings and thus we may not be able to influence what information about you is collected by the social network operator once the Company has created a social network account.
4.11.4. Any such settings may affect the processing of personal data when you use social media, visit the Company's account or read the Company's posts on a social media network. Even if you only look at our posts on Facebook, LinkedIn, Instagram or YouTube, the social network operator may receive certain personal information, such as which end device you are using, your IP address, etc.
4.12.Organisation and conduct of virtual meetings
4.12.1. In order to organise and conduct conference calls, virtual meetings, videoconferences and/or webinars, the Company shall process the following personal data of the persons participating in the virtual meetings: information about the participants of the meeting (name, surname, telephone number, e-mail address, profile picture), data about the meeting (topic, description, IP addresses of the participants, information about the device's hardware, the start and end time of the videoconference), text data, voice and video recordings.
4.12.2. Legal basis for data processing: the Company's legitimate interests in ensuring the organisation and conduct of remote meetings, convenient and secure communication (Article 6(1)(f) of the Regulation) and the data subject's consent (Article 6(1)(f) of the Regulation) (in relation to the recording of virtual meetings).
4.12.3. Data retention period: one year from the date of receipt.
4.13. Recruitment
4.13.1. For the purposes of recruitment, we shall process the following personal data of candidates: name, surname, contact details (e-mail, telephone number), curriculum vitae (CV), its annexes and any personal data contained therein at the initiative of the data subject.
4.13.2. Sources of Personal Data: data subject, job portals.
4.13.3. Legal basis: consent of the data subject (Article 6(1)(a) of the Regulation).
4.13.4. Retention period: until the end of the contest, or for 1 year after the end of the contest (with the candidate's consent), or until the candidate's employment contract is concluded.
4.14. Technical log entries
4.14.1. In the information systems managed by the Company, the Company shall record and maintain technical logs of service providers in order to ensure security requirements, to identify and monitor and track users' actions related to the processing of personal data, and to ensure accountability.
4.14.2. The following records of accesses to personal data shall be recorded: the identifier of the access, date, time, duration, the result of the access (successful, unsuccessful), the files accessed, and the actions carried out on the personal data (entry, review, modification, deletion, and any other personal data processing actions).
4.14.3. Technical logs shall be kept for 3 years.
4.14.4. Basis for data processing: processing is necessary for the legitimate interests of the Company to ensure the security of information (Article 6(1)(f) of the Regulation).
4.15. The Company may process your personal data for other purposes in accordance with the requirements of the Regulation and other legal acts of the Republic of Latvia.
5. DATA RECIPIENTS AND DATA PROCESSORS
5.1. The Company undertakes to respect the duty of confidentiality towards data subjects. Personal Data may be disclosed to third parties only if it is necessary for entering into and performance of a contract for the benefit of the data subject, for the performance of a legal obligation to which the Company is subject, for the protection of the Company's or a third party's legitimate interests, or for other legitimate reasons.
5.2. Without prejudice to the data recipients set out in Section 4 of the Privacy Policy, we may also provide your personal data to the following recipients:
5.2.1. public institutions, and other persons exercising functions assigned to them by law (e.g. courts, bailiffs, notaries, tax administration, supervisory authorities, financial crime investigation authorities);
5.2.2. creditors;
5.2.3. chartered accountants, legal and financial advisers;
5.2.4. companies within the group to which the Company belongs;
5.2.5. the legal entities you represent;
5.2.6. payment service providers.
5.3. The data may be processed by data processors providing the Company with cross-border collection services (EOS Cross-border platform, etc.), accounting, data centre and/or server rental, IT maintenance, external auditing, security, legal, data protection and other services.
5.4. Data processors shall have the right to process personal data only on the instructions of the Company and only to the extent necessary for the proper performance of their obligations under the data processing agreement. The Company, with the help of processors, ensures that the processors have implemented appropriate organizational and technical security measures and will maintain the confidentiality of personal data.
5.5. If the data subject is late in performing his/her obligations, on the basis of a legitimate interest in the collection of debts, the Company shall transfer information about your identity, contact details and credit history, i.e. financial obligations and their fulfilment, to the credit bureau AS Kredītinformācijas Birojs (legal entity code: 40103673493, address: Gustava Zemgala st. 76, Rīga LV-1039). The Credit Bureau shall process and provide to third parties (financial institutions, telecommunication companies, insurance companies, electricity and utility providers, trading companies, etc.) your personal data received from the Company in order to pursue its legitimate interests and purposes of assessing your creditworthiness and managing your debts. Creditworthiness assessment shall involve an automated assessment of a person's characteristics (profiling), which may adversely affect your ability to transact in the future. Automated assessment helps to ensure responsible lending and the legitimate interests of creditors. You may access your credit history by contacting the Credit Bureau AS Kredītinformācijas Birojs directly.
6. PROFILING AND AUTOMATED DECISION MAKING
6.1. We are committed to protecting your privacy and ensuring transparency in data processing. We inform you that we carry out automated decision-making, including profiling. In this process, we analyse the individual’s financial situation, reliability, and ability to pay. The aim is to improve the individual's experience in the debt recovery process, personalize the services provided by the Company, and ensure a faster and more efficient debt collection process.
7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
7.1. Your data may be transferred outside the EU/EEA, subject to the signing of agreements with the recipients that comply with European Union law.
7.2. Data may be transferred outside the EU/EEA where the transfer is necessary for the conclusion and performance of contracts and the proper provision of services to the Company's Customers. In such a case, the Company shall take steps to ensure that any transfer of personal data outside the EU/EEA is properly executed and that the rights of data subjects are maximally protected.
7.3. When transferring personal data outside the EU/EEA, the Company shall be guided by:
7.3.1. Adequacy decision taken by the European Commission;
7.3.2. Certification mechanism approved in a foreign country;
7.3.3. Decision adopted by the European Commission on standard contractual clauses.
7.4. The third country outside the EU/EEA in which the recipient of the personal data is located shall be required by a decision of the European Commission to ensure an adequate level of protection of personal data.
8. RIGHTS OF DATA SUBJECTS
8.1. Each data subject has the following rights:
8.1.1. the right to know about the processing of personal data;
8.1.2. the right to have access to personal data and information how they are processed;
8.1.3. the right to request correction, deletion of personal data or restriction of processing of personal data;
8.1.4. the right to object to the processing of personal data, unless the processing is carried out for the purposes of a legitimate interest pursued by the data controller or by a third party to whom the personal data are disclosed and the interests of the data subject are not overriding;
8.1.5. the right to request that the provided personal data would be destroyed or that the processing of personal data be restricted;
8.1.6. the right to request that personal data, if processed by automated means, be transmitted by the data controller to another data controller, if technically feasible (data portability);
8.1.7. the right to object to automated data processing, including profiling;
8.1.8. the right to object to the processing of personal data for direct marketing purposes;
8.1.9. the right to withdraw your consent to data processing;
8.1.10. the right to lodge a complaint with the State Data Protection Inspectorate regarding the processing of personal data.
8.2. The data subject shall have the right to request the exercise of the data subject's rights orally or in writing, in person, by post or by electronic means. If the exercise of the data subject's rights is requested in writing by post, a copy of the person's personal identity document must be submitted with the request. If the data subject's personal data, such as name and surname, have changed, they shall be accompanied by a copy of the documents confirming the change in those data. In the case of a request submitted by electronic means, the request must be signed with a qualified electronic signature or must be made by electronic means which guarantee the integrity and the unalterability of the text.
8.3. The request for the exercise of the data subject's rights must be legible, signed by the data subject, and contain the data subject's name, surname, address and/or other contact details for the purpose of contacting the data subject or for the purpose of obtaining a response regarding the exercise of the data subject's rights.
8.4. The data subject may exercise his/her rights himself/herself or through a representative. The person's representative shall indicate his/her name, surname, address and/or other contact details for communication, by which the person's representative wishes to receive a reply, as well as the name of the represented person and any other data necessary for the proper identification of the data subject, and shall provide the document confirming the representation, or a copy thereof. In case of doubt as to the identity or data of the data subject, the Company shall request additional information necessary to verify it.
8.5. If the data subject does not apply in accordance with the procedure set out in this Chapter, the data subject shall be informed of the deficiencies at the latest within 7 calendar days of receipt of the application. The data subject's request shall not be considered if the data subject fails to rectify the deficiencies identified or fails to inform the Company of the reasons why the deficiencies identified cannot be rectified. In the event of objective circumstances which prevent the data subject from rectifying the deficiencies identified, the Company may, after assessing them, accept the data subject's request and process it. If the data subject applies in writing without complying with the form of the request established by the Company, this shall not be considered a deficiency in the data subject's request.
8.6. Upon receipt of the request, we shall provide a response no later than within 30 (thirty) calendar days from the date of receipt of the request. In exceptional cases, this period may be extended to additional 30 (thirty) days upon notice.
8.7. The Company, acting as Data Controller, shall have the right to reasonably refuse to exercise your rights on the grounds set out in the Regulation.
8.8. Information about the processing of your personal data is provided to you, the legality and fairness of data processing is checked, data processing activities are terminated, and the data is destroyed free of charge. Information is provided in Latvian.
8.9. You may submit your request by e-mail to dpo@legalbalance.lv, by mail or by coming to the office at Marijas st. 2A, Riga LV-1050. In order to ensure the confidentiality enshrined in Article 38(5) of the Regulation, correspondence addressed to the Data Protection Officer by mail shall be marked on the envelope as addressed to the Data Protection Officer.
9. DATA PROTECTION OFFICER
9.1. The Company has an appointed Data Protection Officer.
9.2. If you would like to exercise your rights as a data subject, please contact the Company's designated Data Protection Officer by e-mail: dpo@legalbalance.lv.
10. FINAL PROVISIONS
10.1. The laws of the Republic of Latvia shall apply to the enforcement and interpretation of the provisions of the Privacy Policy.
10.2. We may amend this Privacy Policy at any time. Any amendments to the Privacy Policy shall be posted on the Website. Amendments and/or supplements to the Privacy Policy shall come into force after their publication on the Website.
10.3. We recommend that you regularly review the Privacy Policy.
Last updated on 17.04.2025