Based on Regulation No 2016/679 on the protection of personal data
• Personal data refer to any information that applies to an identified or identifiable individual (data subject);
• Processing of personal data refers to any activity or sets of activity related to personal data or sets of personal data, as conducted with or without automated resources; this applies to activities such as collecting, registering, organising, structuring, storing, adapting or transforming, recovering, reviewing, using, disclosing, sending, disseminating or otherwise making available, harmonising or combining, limiting, erasing or destroying data;
• ADRI – Ltd. “AT Nordic”, reg.no. 40103946892, Cēres street 4, Rīga, LV-1058;
• A client is an individual (data subject) who can be directly ir indirectly identified with a reference to the identifier, thus using personal data that are in the person’s data processing system;
• Agreement by the client refers to any freely provided, specific, conscious and unambiguous statement about the desires of the subject, whereby the subject clearly confirms the subject’s approval of the processing of the relevant personal data;
• The supervisor is a person or legal entity, agency or other structure which, whether alone or with others, determines the purposes and resources of personal data processing and also provides access to personal data;
• An authorised person is an individual or legal entity, public institution, agency or other structure in the name of which personal data are processed;
• Microdata (cookies) are small text data (related to visiting Websites), as established and stored in the client’s device (computer, tablet, mobile telephone, etc.) when visiting ADRI Internet sites;
• Legitimate interests refer to the interests of the ADRI about the provision of high-quality services, as well as the legal foundation for the rule that says that the interests, fundamental rights and fundamental freedoms of the data subject are not more important than those of the company. ADRI reserves the right to process personal data to the extent that is objectively needed and sufficient to ensure timely, high-quality and comfortable services, as well as to establish and support internal processes at the company so as to avoid any fraud in relation to same;
• Profiling refers to any automated personal data processing that is manifested as the use of the data so as to evaluate specific personal aspects related to the person, particularly in terms of analysing or forecasting aspects related to the personal desires of said person: interests, trustworthiness, behaviour, location or movement, with the profiling being conducted to award bonuses, establish and distributed individual offers, as well as to transmit messages that are offered only for the purpose of direct marketing (business goals) and create no legal consequences for the client.
Processing of personal data
1. ADRI collects, processes, stores, copies, erases and protects the personal data of clients on the basis of Regulation No 2016/679 on the protection of personal data, as well as other normative acts that are in force in the Republic of Latvia.
2. In accordance with existing laws related to the data processing system for individuals, ADRI observes the following principles:
1. The lawful and honest processing of personal data;
2. The processing of personal data that have been received for specific purposes;
3. Ensuring that the received personal data are adequate and appropriate;
4. Ensuring that the received personal data are precise;
5. Ensuring that the data are not stored longer than necessary and are erased when the goal has been achieved;
6. Ensuring that the rights of individuals are observed when processing personal data;
7. Ensuring that the personal data are stored safely;
8. Guaranteeing that the personal data shall not be shared with other companies or outside of the European Union, always observing secure and adequate protection on the basis of an in line with existing laws in Latvia, as well as Regulation No 2016/679 on the protection of personal data.
Categories of personal data processing
Categories of personal data depend on the services and products used by the client, with ADRI having the right to process the following categories of personal data:
1. Data which the client submits to the ADRI;
2. Name, surname, personal code or birthdate;
3. Address, telephone number and E-mail address;
4. Bank data;
5. Communications data including information from E-mails or letters related to the client’s communication with the ADRI;
6. Microdata about visits to the Website of the ADRI;
• Should the client wish to ban the use of microdata, that can be done in browser settings, but in that case access to the site may be limited;
7. Dates, times and time spent on the Internet.
Foundations for the processing of personal data
1. Agreement from the client, with the client, as the subject of personal data providing agreement (subject’s agreement) to the collection and processing of personal data for specific purposes, with said agreement being based on free will and a personal decision that can be made or withdrawn at any moment, thus allowing ADRI to process personal data. Where agreement is withdrawn, that shall in no way affect the lawfulness of the processing or the quality of received services that are based on agreement before the withdrawal.
2. The legitimate interests of the ADRI that ensure the offer of high-quality services, with the company reserving the right to process personal client data to the extent that is objectively necessary and sufficient to ensure timely, high-quality and comfortable services, as well as to establish and support internal processes at the company.
3. The legal obligations of the company in that ADRI has the right to process personal client data to satisfy legal requirements and to provide answers to lawful requests for information from state and local government agencies.
4. The conclusion and implementation of the agreement means that the ADRI correlates and processes certain data that are collected before the agreement is concluded or during the term of the agreement so as to provide high-quality services to the client.
5. Implementing public interests or implementation of official authority means that ADRI has the right to process personal data, and in such cases the foundation for the processing of personal data is included in and described by normative acts.
6. When handling a client’s personal data, the company can conduct profiling to award bonuses, as well as to send automated individual offers that are offered only for business purposes and will create no legal consequences for the client.
Reasons for the processing of personal data
1. To conclude and implement the agreement with the client;
2. To evaluate the ability of the client to satisfy contractual obligations;
3. To ensure effective management of cashflows, including client payments and administration of debts;
4. To provide technical support in relation to services that are offered;
5. To facilitate the development of the sector and make new service offers;
6. To process statistical data and engage in market analysis.
Obtaining personal data
1. ADRI obtains personal data when the client:
1. Signs up for receiving news from the company;
2. Purchases and uses products and services from the company;
3. Takes part in competitions or surveys;
4. Visits the company’s Website;
2. ADRI and its authorised representatives have the right to process personal client data that are received from third parties (e.g., a leasing company) if the client has agreed to this, and this is done on the basis of Regulation No 2016/679 on the protection of personal data.
3. ADRI and its authorised representatives have the right to process personal client data that are received from the client, doing so on the basis of Regulation No 2016/679 on the protection of personal data.
The amount of time for keeping personal data
1. ADRI has the right to process and keep personal data until:
1. The client has withdrawn the right to process his or her data;
2. There has been a necessary deadline for the implementation and protection of the company’s legitimate interests;
3. The deadline for keeping personal data is indicated in normative acts;
4. Contractual obligations between the client and ADRI expire;
5. The goals of using personal data are finished, as specified at the time when the goals were received.
Joint use of personal data
1. ADRI provides a client’s personal data only at the necessary and sufficient level in accordance with legal requirements and taking into account the objective circumstances of the specific situation;
2. Where necessary, ADRI transfers personal data to authorised representatives of the company, doing so on the basis of Regulation No 2016/679, and/or to partners, agents or service providers involved in ensuring and improving the quality of goods or services ordered or used by the client;
3. The company has the right to transfer client data to law enforcement institutions and other state or local government institutions if required to do so by law or after the request for information from the relevant institution.
Protection of personal data
1. ADRI uses modern technologies and takes into account technical and organisational requirements to protect the personal data of clients from unauthorised access, as well as accidental loss, destruction or disclosure of the data;
2. ADRI carefully examines all authorised persons, partners, agents, service providers and company employees who process personal client data, also evaluating the use of appropriate security steps and storage of personal data in accordance with legal requirements;
3. The company bears no responsibility for any unauthorised access to personal data and/or the loss of personal data if that does not depend on the company (e.g., the client’s fault and/or negligence).
Rights of the client
1. The client has the right to withdraw the right to receive commercial announcements at any time, as well as to object to the profiling of his or her data;
2. This withdrawal does not influence the lawfulness of the processing of personal data and/or the quality of received services, as based on the agreement before the withdrawal;
3. The client has the right to amend all personal data about himself or herself that are at the company’s disposal.
4. The client has the right to demand the erasing or limiting of the processing of personal data that is no longer necessary in accordance with the reasons why it was collected and processed after the request was submitted (the “right to be forgotten”).
5. The client has the right to obtain information about individuals or legal entities that have received information about the client.
6. The client has the right to receive or transfer his or her personal data to another data supervisor (“transferability of data”), this right including only those data which the client has provided to the company on the basis of his or her approval or agreement and if the processing is automated; written requests must be submitted to receive the aforementioned rights.