SIA Atvedīsim.lv undertakes to protect your privacy. Should you have any questions or concerns regarding the use of your personal data, please contact us at: info@atvedisim.lv and we will be pleased to assist you. By using the SIA Atvedīsim.lv website and/or our services, you agree to the processing of your personal data in accordance with this Privacy Policy. This Privacy Policy forms an integral part of our Terms of Service. By agreeing to the Terms of Service, you also agree to the SIA Atvedīsim.lv Privacy Policy.

1. Purpose and Scope of the Privacy Policy 

1.1. The purpose of the Privacy Policy of SIA Atvedīsim.lv (hereinafter – the Controller) is to inform existing and potential clients, cooperation partners and their representatives, employees, and other persons about the Controller’s activities related to the processing and protection of personal data of identifiable natural persons (hereinafter – the Data Subject), data retention periods, and the rights of the Data Subject in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter – the Regulation). 
1.2. The Policy applies to the processing of personal data of natural persons regardless of the form and/or environment in which the Data Subject provides personal data or in which the Controller obtains it (for example, on the Controller’s premises, on the website, on social media, in paper form, orally, electronically, by telephone, etc.). 
1.3. The Controller reserves the right to amend the Policy at its discretion. The Policy is available on the Controller’s website www.atvedisim.lv (hereinafter – the Website) and is effective from the date of its approval. 

2. Identity and Contact Information of the Controller

2.1. The controller of personal data processing is SIA Atvedīsim.lv, registration number 40203598030, legal address: Dienvidu iela 7 k.3 - 26, Salaspils, Salaspils Municipality, LV-2169. The Controller’s contact telephone number is +371 26891499, and the email address: info@atvedisim.lv

3. Categories of Data Subjects. Purposes and Legal Basis of Data Processing
 
3.1. The Controller processes personal data of the following natural persons: 
3.1.1. Employees of the Controller and their designated contact persons;
3.1.2. Potential employees of the Controller;
3.1.3. Clients, their representatives and designated contact persons;
3.1.4. Potential clients of the Controller, their representatives and designated contact persons;
3.1.5. Cooperation partners, their representatives and designated contact persons. 
3.2. The Controller processes personal data lawfully, fairly and in a transparent manner in relation to the Data Subject for the purpose of: 
3.2.1. Identifying individuals;
3.2.2. Offering and providing services and products to clients and potential clients, including communication related to the services provided, invoices or sales, and upon request of clients or potential clients;
3.2.3. Ensuring and improving the quality of services and products provided;
3.2.4. Conducting customer satisfaction surveys;
3.2.5. Managing and analysing the Controller’s customer database, for example, purchasing behaviour and history, in order to improve the quality, assortment and availability of the offered products and services;
3.2.6. Detecting and preventing criminal offences or administrative violations within the Controller’s territory and vehicles;
3.2.7. Fulfilling legal obligations applicable to the Controller;
3.2.8. Implementing the Controller’s publicity and marketing activities, including sending personalised offers to clients and potential clients from the Controller or its carefully selected cooperation partners;
3.2.9. Protecting its own and the Data Subject’s rights and lawful and legitimate interests, including but not limited to: conducting and administering business activities, providing services, verifying the identity of the Data Subject prior to concluding a contract (providing a service), receiving payments, and securing evidence. This list of legitimate interests is not exhaustive and may be amended. 
3.3. The Controller processes the following categories of personal data: 
3.3.1. General contact information – name, surname, address, telephone number, email address;
3.3.2. Birth data – personal identification number or date of birth;
3.3.3. Payment data – bank account number, payment card number;
3.3.4. Photograph;
3.3.5. Security camera video and audio recordings;
3.3.6. Telephone call recordings;
3.3.7. Health data – for the purpose of ensuring mandatory initial and periodic health examinations of employees;
3.3.8. Information regarding a person’s education, work experience, current employment, positions, professional activities and interests – for the purpose of evaluating employees’ and potential employees’ suitability for vacancies offered by the Controller;
3.3.9. Cookies used on websites, which allow the Controller to obtain information about visitor activities, page views, sources and time spent on the Website. This information is obtained to improve visitor convenience and to ensure that the Data Subject receives the best possible service. 3.4. The legal basis for the Controller’s processing of personal data is: 
3.4.1. Article 6(1)(a) of the Regulation, which provides that processing is lawful where the Data Subject has given consent to the processing of his or her personal data for one or more specific purposes;
3.4.2. Article 6(1)(b) of the Regulation, which provides that processing is lawful where it is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract;
3.4.3. Article 6(1)(c) of the Regulation, which provides that processing is lawful where it is necessary for compliance with a legal obligation to which the Controller is subject;
3.4.4. Article 6(1)(f) of the Regulation, which provides that processing is lawful where it is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a child;
3.4.5. Article 9(2)(h) of the Regulation, which provides that processing of health data is lawful where it is necessary for […] the assessment of the working capacity of the employee […]. 
3.5. Additional Provisions
3.5.1. Unless the Data Subject has informed the Controller otherwise, the Controller considers it to be within its legitimate interests to offer the Data Subject products and services similar or identical to those based on purchase history or arising from browsing activities on the Website.
3.5.2. The Controller reserves the right to anonymise collected personal data and use it outside the scope of the Policy, for example, in interviews or for expressing public opinions regarding societal or consumer trends, exclusively in anonymised form.
3.5.3. The Controller may process the Data Subject’s personal data for additional purposes not mentioned in the Policy but compatible with the initial purpose of data collection in accordance with the Policy. The Controller ensures that the link between the purposes, context and nature of the personal data is appropriate for further processing and that such further processing will not adversely affect the Data Subject’s interests, and that safeguards will be applied. The Controller shall inform the Data Subject of any such further processing and its purposes.

4. Data Retention Period 

4.1. The retention period of the Data Subject’s personal data depends on the purpose and legal basis of processing. The Controller shall retain the Data Subject’s personal data for as long as required by the laws of the Republic of Latvia or for the duration of the concluded service agreement and, in accordance with the Commercial Law, for 3 years after termination of the agreement (commercial limitation period), or in accordance with the Controller’s legitimate interests, or where another legal basis exists. 
4.2. In accordance with the Accounting Law, supporting documents shall be retained until the date necessary to determine the commencement of each economic transaction and to trace its course, but not less than 5 years; however, supporting documents relating to calculated remuneration of employees, payment for granted leave, compensation for unused annual paid leave, compensation for forced absence from work, etc., shall be retained for 10 years. 
4.3. Data processed on the basis of the Data Subject’s consent shall be retained until the withdrawal of such consent. 
4.4. Data necessary to prove the fulfilment of the Controller’s obligations shall be retained for the general limitation period for claims in accordance with statutory limitation periods – 10 years under the Civil Law and other applicable periods, taking into account the time limits for bringing claims set out in the Civil Procedure Law. 
4.5. The Data Subject’s data shall be deleted or destroyed when the Controller no longer requires them in accordance with applicable legal requirements, contractual obligations, the Controller’s legitimate interests, or upon withdrawal of the Data Subject’s consent (where consent is the legal basis for processing). 
4.6. Video surveillance recordings (after recording) are stored on average for up to 15 days or longer where there is a legal basis.

5. Transfer of Personal Data Outside Latvia

5.1. Processed personal data shall not be transferred outside Latvia, the EU or the EEA, nor to any international organisation, unless the Data Subject has given his or her consent.

6. Recipients of Personal Data

6.1. Video surveillance data may, upon a justified request, be disclosed to pre-trial investigation authorities, operational activity entities, security personnel, state security authorities, the prosecutor’s office and courts, as well as to the Controller’s contracted data processor. 
6.2. The Data Subject’s personal data, where there is a legal basis, may be transferred to state authorities, insurance companies, banks, marketing service providers, social network operators, the Website and email server service provider, debt collection companies, payment processors, legal representatives or authorised persons of the Data Subject, the Controller’s contracted personal data processors, software maintainers, IT and telecommunications service providers. This list is not exhaustive and may be amended. The Controller carefully verifies all service providers who process personal data on behalf of and under instructions of the Controller. The Controller assesses whether cooperation partners (data processors) apply appropriate security measures to ensure that the Data Subject’s personal data is processed in accordance with the Controller’s assignments, instructions and regulatory requirements. Such cooperation partners are not entitled to use the Data Subject’s personal data for purposes unrelated to their direct functions.

7. Security of Personal Data Processing

7.1. The Controller ensures that personal data are processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate physical and logical protection and preventive measures.
7.2. In the event of any data security incident, the Controller shall inform the competent authorities of data breaches or violations and cooperate with them. The Controller shall inform the Data Subject of any threat to his or her rights or interests.

8. Rights of the Data Subject

8.1. The Data Subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to such data and the information referred to in Article 15(1) of the Regulation. 
8.2. The Data Subject has the right to request, by substantiating his or her request, that the Controller rectify inaccurate personal data without undue delay. Taking into account the purposes of the processing, the Data Subject has the right to have incomplete personal data completed, including by providing a supplementary statement. 
8.3. In accordance with Article 17 of the Regulation, the Data Subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay where one of the grounds specified in that Article applies. 
8.4. The Data Subject has the right to obtain from the Controller restriction of processing where one of the conditions set out in Article 18 of the Regulation applies. 
8.5. The Data Subject has the right to withdraw his or her consent to the processing of personal data at any time, where such consent has been given.
8.6. If the Data Subject considers that his or her rights have been or may be violated, he or she shall immediately submit a complaint to the Controller. After receipt of the complaint, but not later than within the time limit set by regulatory enactments, the Controller shall contact the Data Subject and inform him or her of the progress and outcome of the complaint examination. 
8.7. The Data Subject has the right to lodge a complaint with the Data State Inspectorate if the Data Subject considers that the Controller infringes the Data Subject’s rights and lawful interests in the field of personal data protection. A complaint may be submitted by post, by email (documents signed with a secure electronic signature sent to: info@dvi.gov.lv), or delivered to Elijas iela 17, Riga, LV-1050.

9. Cookies  

9.1. For the purpose of Website functionality and user convenience, the Controller uses cookies. Each Website visitor, upon visiting the Website, is offered the opportunity to consent to the use of cookies by enabling all cookies by pressing the “Agree” button, or to refuse the use of cookies by enabling only technical cookies necessary to ensure the operation of the Website and which do not require user consent, by pressing the “Disagree” button. Consent may be withdrawn at any time by changing the settings of the internet browser (for example, Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, etc.) and deleting stored cookies.
9.2. The Controller informs every Website visitor, including the Data Subject, about the Controller’s cookie policy in the Website section “Cookie Policy”, which is considered an integral part of the Policy.

10. Third-Party Services

10.1. Each time a person visits the Website, third-party software “Google Analytics” may be used on behalf of the Controller and in its legitimate interests to collect information about how individuals use the Website, for example, recording actions on the Website and determining behavioural patterns. This service is used to determine how many visitors access the Website and which sections are visited. The collected information helps determine how the Website operates and how the Controller may improve it. The Controller does not identify the identity of the Website visitor and does not permit “Google Analytics” to do so.

 11. Amendments to the Privacy Policy

11.1. The Controller reserves the right to make amendments to this Policy. The updated and amended Policy shall enter into force upon its publication on the Website. It is the responsibility of the Data Subject to ensure that he or she is satisfied with the current version of the Policy. The indication below “Last updated” shows the date on which the Policy was last updated.

Last updated: 23 October 2025