Privacy policy

The purpose of this Privacy Policy is to provide the natural person - the Lahdes Service Customer - with information about the purpose, scope, protection, processing time and data subject's rights of data processing, as well as the processing of the Customer's personal data.

Manager and contact information

  1. The controller of personal data processing is SIA Lahdes (hereinafter - Lahdes), unified registration no. 40203183826, registered office in Riga, 34 Saulgo┼żu Street, LV-1055.

Scope of application of the document

Purposes of processing personal data

  1. Lahdes processes personal data for the following purposes:
    • To provide services and services:
      • customer identification;
      • preparation, conclusion and proof of the conclusion of the contract;
      • service provision / maintenance;
      • promoting, promoting and distributing the service;
      • customer service;
      • handling and processing of submissions and objections;
      • customer retention, loyalty, satisfaction measurement;
      • billing administration;
      • maintaining and improving websites and mobile apps.
    • Business Planning & Analytics:
      • statistics and business analysis;
      • planning and accounting;
      • measuring effectiveness;
      • market and public opinion research;
      • preparation of reports;
      • conducting customer surveys;
      • risk management activities.
      • Information, information systems and company security.
      • Provision of information to state administration institutions and subjects of operational activities in cases and to the extent prescribed by external regulatory enactments.
      • For other specific purposes for which the Customer is informed at the time he provides relevant data to Lahdes.

Legal grounds for personal data processing

  1. Lahdes processes the Customer's personal data based on the following legal bases:
    • for the conclusion and performance of the contract - to conclude the contract according to the Client's application and ensure its execution;
    • for the fulfillment of regulatory enactments - to fulfill the obligation specified in the binding external regulatory enactments of Lahdes;
    • in accordance with the Customer's data subject's consent;
    • legitimate interest - in order to realize the legitimate interests of Lahdes arising from the obligations existing between Lahdes and the Client or the contract entered into or the law;
    • to ensure the vital interests of the data subject or other natural persons - to ensure the security of the data of the persons and users employed by Lahdes.
  2. Lahdes legitimate interests are:
    • conduct business;
    • to verify the Customer's identity before providing access to Lahdes service;
    • Ensure fulfillment of contract obligations;
    • to analyze the activities of Lahdes websites, websites and mobile applications, to develop and implement their improvements;
    • administer the Customer's account on Lahdes Internet sites and mobile applications;
    • to carry out activities for holding Clients;
    • segment customer database for more efficient service provision;
    • create and develop goods and services;
    • Promote our goods and services;
    • to conduct Customer Surveys on Goods and Services and their Use Experience (NPS);
    • identify technical problems as well as illegal activities and prevent them;
    • to prevent fraud;
    • providing corporate governance, financial and business accounting and analytics;
    • to provide effective business management processes;
    • to ensure efficiency of service provision;
    • to ensure and improve the quality of services;
    • administer payments;
    • administer outstanding payments;
    • inform the public about their activities.

Processing of personal data

  1. Lahdes processes Customer data using modern technology, taking into account existing privacy risks and Lahdes reasonably available organizational, financial and technical resources.

Protection of personal data

  1. Lahdes protects Customer data using modern technology capabilities, taking into account existing privacy risks and Lahdes reasonably available organizational, financial and technical resources, including through the following security measures:
    • Data encryption for transmitting data (SSL encryption);
    • Data encryption when storing data;
    • Data encryption, from sender to recipient, files and documents sent;
    • Firewalls;
    • Intrusion protection and detection programs;
    • Other protection measures according to current technical development possibilities.

Categories of recipients of personal data

  1. Lahdes does not disclose personal data of the Customer or any information obtained during the provision of services to third parties, except:
    • in accordance with the Customer's clear and unambiguous consent;
    • to persons specified in external regulatory enactments at their reasoned request, in accordance with the procedures and in the amount prescribed by external regulatory enactments;
    • for the protection of the legitimate interests of Lahdes, for example in the courts or in other state institutions against a person who has violated the legitimate interests of this Lahdes.

Duration of personal data storage

  1. Lahdes stores and processes Customer's personal data for at least one of the following criteria:
    • the data are necessary for the purpose for which they were received;
    • while Lahdes or the Client may exercise his or her legitimate interests in accordance with the procedures specified in external regulatory enactments (for example, to file an objection or to bring or take legal action);
    • while one of the parties has a legal obligation to keep the data (for example, according to the Accounting Law, the invoices issued to the company must be kept for 5 years, etc.);
    • as long as the Customer's consent to the relevant processing of personal data is in force, unless there is another legitimate basis for the processing of the data.
After the circumstances referred to in this paragraph cease, the Customer's personal data shall be deleted. Audit records are stored for at least one year from the date of their performance in accordance with regulatory enactments.

Access to personal data and other Customer rights

  1. The Customer is entitled to receive the information specified in regulatory enactments related to the processing of his / her data. Most of the Customer's information has already been placed in and in applications that the Customer uses to receive Lahdes services and where the Customer can verify the accuracy of their data and, if necessary, manage them, including changes.
  2. The Client also has the right, in accordance with regulatory enactments, to request Lahdes access to his personal data, as well as to require Lahdes to replenish, correct or delete it, or to limit the processing of the Customer, or the right to object to the processing (including the processing of personal data based on legitimate interests of Lahdes) and the right to data portability. This right shall be exercised insofar as the processing of data does not follow from Lahdes obligations imposed on him by the laws and regulations in force and which are made in the public interest.
  3. The Customer may submit a request to exercise their rights:
    • electronic mail signing with secure electronic signature;
    • Using to send documents to Lahdes.
  4. Upon receipt of the Customer's request for the exercise of its rights, Lahdes shall assess the request and execute it in accordance with regulatory enactments.
  5. Lahdes response to the Customer shall be sent to the self-service portal, or taking into account the type of response indicated by the Customer.
  6. Lahdes ensures the fulfillment of data processing and protection requirements in accordance with regulatory enactments and in case of Client's objections performs useful actions to resolve the objection. However, if it fails, the Client has the right to apply to the supervisory authority - the Data State Inspectorate.

Customer's consent to data processing and right to revoke it

  1. Customer can consent to the processing of personal data whose legal basis is consent (for example, analysis of service usage data, etc.) by authoring self-service and other web sites (for example, newsletters).
  2. The Customer has the right at any time to revoke the consent given to the data processing in the same way as it is given, by authorizing the self-service, in which case further processing based on the above consent for the purpose in question will no longer be performed.
  3. The withdrawal of consent shall not affect the processing of data performed at the time the Customer's consent was valid.
  4. Withdrawal of consent may not result in interruption of data processing carried out on the basis of other legal bases.

Communication with Customer

  1. Lahdes makes contact with the Customer using the Customer's contact information (telephone number, e-mail address, self-service, as well as application notifications (notifications)).

Website visits and cookie processing

  1. Lahdes websites can use cookies. Cookies processing rules are available here.
  2. Links to third party internet sites that have their own usage and personal data protection rules may be posted on Lahdes websites, which Lahdes has no responsibility for.

Different rules

  1. Lahdes has the right to make additions to the Privacy Policy by making available to the Customer its current version in his user profile at Lahdes Self-Service Portal, as well as - by placing it on Lahdes homepage.
  2. Lahdes retains the previous version of the Privacy Policy and it is available on the Lahdes website.
  3. This Privacy Policy comes into effect on March 1, 2019.

Data categories

No. Data Category Examples
1 Personal identification data name, surname, personal identity number
2 Personal contact information telephone number, email address
3 data user number, actions taken on Lahdes portal
4 Customer analytics data membership category, segment, age group, age segment, language, gender, etc.
5 CRM * Activity Data Activity Number, Type, Date, Category, Owner
6 Communication data type, number, date, registrant, content, channel, delivery status of incoming / outgoing communication
7 Purchase data for the service The advance payment information for the Lahdes service
8 Statement of objections / applications Number of opposition / application, date / type of registration / settlement, type, description
9 Customer survey data survey name, date of dispatch, response date, survey questions, and answers
10 Actions taken on Lahdes web pages IP address, names of actions performed, section of web page, date and time
11 Consent ** information Customer's endorsement by topic, date and time of consent, source
* CRM (Customer Relationship Management) - Customer Relationship Management System.
** Consent - a free, unambiguous confirmation of the client's willingness to process his / her personal data according to the information provided by Lahdes.