Privacy Policy

Last updated: 14.02.2024

Privacy Policy
 of SIA “BALTIC COUNCIL”

1. Controller of personal data processing
1.1. The Controller of personal data processing is the SIA “BALTIC COUNCIL”, unified registration number 41203037717, registered office: 17, Kuldigas str., Ventspils, Latvia, LV 3601, telephone +371 636 07869, e-mail address: info@balticcouncil.org, hereinafter referred to as the Controller, which using technical and organisational data protection measures, shall process the data of the Service Recipient (hereinafter referred to as the Customer ), as well as the data of other persons to the extent and in the manner required and permitted by the laws and regulations of the Republic of Latvia and the European Union.
The Processor. On behalf of the Controller, the Customer’s data may also be received and processed by other personal data processors affiliated with and authorised by the SIA “BALTIC COUNCIL”
2. TERMS AND DEFINITIONS
2.1. Data Subject (hereinafter referred to as “Subject”) – any natural or legal person who has communicated their personal data to the Controller and whose data is processed by the Controller in accordance with the General Principles for the Processing of Personal Data.
2.2. Personal Data (hereinafter – Data) – data about the Subject that the Subject has provided to the Controller through the Controller’s website https://www.balticcouncilfairs.org, such as online application forms, cookies, subscription to the Controller’s newsletters, notifications or other services, via e-mail or telephone. This Data includes the Subject’s name, surname, contact telephone number, email address and other personal identification data.
2.3. Processing of Personal Data – any operation performed on the Data, collection, recording, organisation, storage, transformation, granting of access, consultation and retrieval, use, transfer to third parties (for the purposes of initiating and providing services, as well as for the fulfilment and provision of contractual obligations), mutual use, erasure or any of the aforementioned operations, regardless of the manner in which the operations are performed or the means used.
2.4. Third Party – any natural or legal person other than the Subject, the Controller or a person who processes the Data on behalf of the Controller.
3. Applicable legislation:
3.1. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “General Data Protection Regulation”);
3.2. Personal Data Processing Law;
3.3. Archives Law;
3.4. Accounting Law;
3.5. Electronic Documents Law;
3.6. etc.
4. What is the privacy policy?
4.1. The Privacy Policy (hereinafter referred to as the Policy) provides information on how the Controller (the SIA “BALTIC COUNCIL”) collects, processes, stores, shares, deletes and protects the Customer’s and other persons’ data, thereby ensuring that the Customer’s personal data is processed lawfully, fairly and in a manner that is transparent to the Customer. The Policy shall be applicable to the personal data of the Customer, any data processing of a natural person and the service provided to the Customer.
4.2. If the Controller updates this Policy, any changes will be posted on the website of the SIA “BALTIC COUNCIL” https://www.balticcouncilfairs.org , in the “About Us” section.
4.3. In order to provide the Customer with better and more appropriate products and services, as well as to provide, maintain, protect and improve existing products and services, SIA “BALTIC COUNCIL” processes data collected from the provision of services.
5. What personal data is processed by SIA “BALTIC COUNCIL”?
5.1. The categories of personal data processed by SIA “BALTIC COUNCIL” depend on the services used by the Customer. SIA “BALTIC COUNCIL” is entitled to process the following categories of personal data for the purposes set out in paragraph 7 of this Policy:
5.1.1. name, surname, personal identity number/date of birth, correspondence address, telephone number and e-mail address;
5.1.2. bank data;
5.1.3. personal identification document data (document number, date and place of issue etc.);
5.1.4. education documents;
5.1.5. data which the Customer itself communicates to SIA “BALTIC COUNCIL”.
5.2. SIA “BALTIC COUNCIL” processes the following data in the course of the provision of services for the purposes set out in paragraph 7 of this Policy:
5.2.1. the telephone numbers provided by the Customer, which shall be called if necessary if the Customer cannot be reached;
5.2.2. information required for the process of education abroad;
5.2.3. and other personal data, depending on the type of service provided to the Customer and for the processing of which the consent of the data subject has been obtained.
6. PURPOSES AND PRINCIPLES OF PROCESSING OF PERSONAL DATA
6.1. Customer’s consent – as a personal data subject, the Customer shall give consent to the collection and processing of personal data for certain purposes. The consent of the Customer for direct marketing purposes with the aim of making new and individual offers will apply to the activities of SIA “BALTIC COUNCIL” after the General Data Protection Regulation becomes applicable. The consent of the Customer is by their free will and an independent decision, which can be given at any time, thus allowing SIA “BALTIC COUNCIL” to process personal data for the set purposes. The Customer’s consent shall be binding upon them if it is provided orally (during a telephone conversation after the Customer has been identified) or in writing by filling in a form at the office of SIA “BALTIC COUNCIL”, or by sending an electronic request after the Customer has been identified. The Customer has the right to withdraw his/her prior consent at any time through the specified channels of communication with SIA “BALTIC COUNCIL”. The notified changes will take effect within three working days of receipt of the application. Revocation of consent shall not affect the lawfulness of processing, which is based on the consent before revocation.
6.2. Conclusion and performance of the contract – in order for SIA “BALTIC COUNCIL” to conclude and perform the contract with the Customer, to provide quality services and to serve the Customer, it must collect and process certain personal data that is collected before the conclusion of the contract with SIA “BALTIC COUNCIL” or during the already concluded contract.
6.3. Legitimate interests of SIA “BALTIC COUNCIL”– taking into account the interests of SIA “BALTIC COUNCIL”, which are based on the provision of quality services and timely support to the Customer, SIA “BALTIC COUNCIL” has the right to process the Customer’s personal data to the extent objectively necessary and sufficient for the purposes specified in paragraph 7 of this Policy. The processing of personal data by providing direct services shall be considered a legitimate interest of SIA “BALTIC COUNCIL”.
6.4. Compliance with the legal obligations – SIA “BALTIC COUNCIL” is entitled to process personal data in order to comply with the requirements of regulatory enactments, as well as to respond to lawful requests of the state and local government.
6.5. Protection of vital interests – SIA “BALTIC COUNCIL” is entitled to process personal data in order to protect the vital interests of the Customer or another natural person, e.g., when processing is necessary for humanitarian purposes, for monitoring natural and man-made disasters, in particular epidemics and their spread, or in humanitarian emergencies (acts of terrorism, technogenic disasters, etc.).
6.6. Exercise of official authority or public interest – SIA “BALTIC COUNCIL” is entitled to process data for the performance of a task carried out in the public interest or in the exercise of official authority lawfully conferred upon SIA “BALTIC COUNCIL”. In such cases, the grounds for personal data processing are included in the laws and regulations.
6.7. The Policy is applied to ensure privacy and Data Protection for: a) natural persons – customers and their legal representatives (including prospective, former and existing), as well as third parties who receive or provide any information to the Controller in connection with the provision of services to a natural person (including contacts, payers, etc.); b) visitors to the websites and mobile applications maintained by the Controller.
6.8. The Controller shall take care of the privacy and Data protection of the Subjects, respect the rights of the Subjects to the lawfulness of Data processing in accordance with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and other applicable privacy and data processing legislation.
6.9. The Policy applies to the processing of Data regardless of the form and/or environment in which the Subject provides the Data (on the Controller’s website, mobile applications, in paper form or by telephone) and on which of the Controller’s systems the Data is processed or if such is in paper form.
6.10. The Controller undertakes not to transfer or lease the Data to third parties (except for where the transfer of the Data is necessary for the performance of mutual obligations).
6.11. In processing the Data, the Controller shall comply with the principles set out in the Personal Data Protection Law and the EU General Data Protection Regulation.
7. For what purposes will SIA “BALTIC COUNCIL” process the Customer’s personal data?
7.1. SIA “BALTIC COUNCIL” processes personal data in order to ensure the quality, timely and appropriate provision of services to the Customer during the contractual relationship with SIA “BALTIC COUNCIL”:
7.1.1. For the purpose of control of Customer relations (incl. at a distance), when ensuring entering into Contracts and the performance thereof, and also implementation of the processes related thereto;
7.1.2. For the examination of complaints by the Customer and provision of support (incl. technical support) in relation to the provided services;
7.1.3. efficient management of cash flow, incl. administration of payments and debts of the Customer.
7.2. SIA “BALTIC COUNCIL” processes personal data in order to promote the development of the sector and to offer new services to the Customers, including:
7.2.1. for developing and offering new services;
7.2.2. for market analysis and business model development, where the processing of statistical data of clients of SIA “BALTIC COUNCIL” is carried out.
7.3. SIA “BALTIC COUNCIL” processes personal data in order to establish and maintain the internal processes of SIA “BALTIC COUNCIL”, to ensure the circulation of documents and other internal processes (e.g., archiving of contracts and other documents) to the extent necessary and sufficient for this purpose.
7.4. SIA “BALTIC COUNCIL” is entitled to process the data for the purposes indicated below, as well as for other purposes, subject to the freely given and explicit consent of the Customer:
7.4.1. Verification of the Customer’s personal data in the databases of debt history before the conclusion of the contract in order to assess the Customer’s ability to fulfil the obligations of the contract when during the validity of the contract such verification is necessary in order to offer the Customer new and more advanced services;
7.4.2. To promote the image of SIA “BALTIC COUNCIL” on the market by granting bonuses, organising surveys to improve existing services, seminars and training, as well as to develop new services.
8. Does the Customer have the right to restrict his or her data processing?
8.1. The Customer has the right to object to the processing of his/her personal data or to refuse to receive commercial communications at any time by informing SIA “BALTIC COUNCIL” orally (during a telephone conversation after the Customer has been identified) by calling, in writing, by filling in a form at the office of SIA “BALTIC COUNCIL”, or by sending an electronic request, signed with a secure electronic signature, to the e-mail address. The notified changes will take effect within three working days and may apply to some or all of the data provided by the Customer (depending on the Customer’s wishes, but not to data without which the performance of the contractual obligations is impossible). Changes will not affect the lawfulness of personal data processing before the objections and/or refusal by the Customer indicated in this Paragraph.
9. How does SIA “BALTIC COUNCIL” obtain the Customer’s personal data?
9.1. SIA “BALTIC COUNCIL” obtains the Customer’s personal data when the Customer:
9.1.1. uses the services of SIA “BALTIC COUNCIL” (at the office of SIA “BALTIC COUNCIL” or remotely, with prior identification of the Customer);
9.1.2. subscribes to receive news, alerts or other services from SIA “BALTIC COUNCIL”;
9.1.3. asks SIA “BALTIC COUNCIL” for more information about the service used by the Customer or contacts SIA “BALTIC COUNCIL” in connection with a complaint or request for information identifying the Customer;
9.1.4. participates in competitions, lotteries or surveys;
9.2. SIA “BALTIC COUNCIL” may process the Customer’s personal data received from third parties if the Customer has given consent to this (e.g., from holders of debt history databases, etc.).
10. What is the duration of personal data processing of the Customer?
10.1. SIA “BALTIC COUNCIL” will process the Customer’s personal data as long as at least one of the following circumstances exists:
10.1.1. the Contract between the Customer and SIA “BALTIC COUNCIL” is valid;
10.1.2. the time period for personal data storage is determined or arising from laws and regulations of the Republic of Latvia and the European Union;
10.1.3. to the extent necessary for the exercise and protection of the legitimate interests of SIA “BALTIC COUNCIL”, such as:
10.1.3.1. by reservation: 10 years, subject to statutory storage obligations;
10.1.3.2. requests/proposals: 2 years.
10.1.4. as long as the consent of the Customer for personal data processing is not revoked.
11. Sharing of personal data of the Customer
11.1. In order to provide services to the Customer, SIA “BALTIC COUNCIL” may share the Customer’s personal data with:
11.1.1. business partners involved in the provision of the services used by the Customer (provision of education abroad);
11.2. SIA “BALTIC COUNCIL” is obliged to provide information on personal data to law enforcement authorities, court or other state and municipal authorities if it results from regulatory enactments or an information request of the respective authority;
11.3. SIA “BALTIC COUNCIL” will only provide the Customer’s personal data to the extent necessary and sufficient in accordance with the requirements of regulatory enactments and the objective circumstances of the particular situation;
11.4. SIA “BALTIC COUNCIL” reserves the right to transfer the Customer’s personal data to other service providers if necessary for better service and quality of service to the Customer.
12. How does SIA “BALTIC COUNCIL” protect the Customer’s personal data in its possession?
12.1. SIA “BALTIC COUNCIL” shall ensure, continuously review and improve security measures to protect the Customer’s personal data from unauthorised access, accidental loss, disclosure or destruction. In order to ensure this, SIA “BALTIC COUNCIL” applies modern technologies, technical and organisational requirements, including firewalls, intrusion detection, analysis software and data encryption.
12.2. SIA “BALTIC COUNCIL” carefully checks all service providers that process the Customer’s personal data on behalf of SIA “BALTIC COUNCIL”, as well as assesses whether the cooperation partners (personal data processors) apply appropriate security measures to ensure that the processing of the Customer’s personal data is carried out in accordance with the delegation of Controller and the requirements of the regulatory enactments. Such delegation by the Controller shall be subject to a separate agreement with the Data Processor, in which the Data Processor undertakes to comply with the requirements of the applicable laws and regulations. Co-operation partners are not allowed to process personal data of the Customer for their own purposes.
12.3. SIA “BALTIC COUNCIL” shall not be liable for any unauthorised access to personal data and/or loss of personal data if it is not dependent on SIA “BALTIC COUNCIL”, for example, due to the fault and/or negligence of the Customer.
12.4. SIA “BALTIC COUNCIL” shall not disclose the Customer’s personal data or any information obtained during the provision of services and the term of the contract to third parties, including information about the services received, except: if the third party in question is required to transfer the data within the framework of the concluded contract in order to perform a function necessary for the performance of the contract or delegated by law; in accordance with the Customer’s explicit and unambiguous consent; to persons provided for by external laws and regulations upon their justified request in accordance with the procedure and to the extent provided for by external laws and regulations; in cases provided for by external laws and regulations for the protection of the legitimate interests of the Controller, for example, in the case of legal proceedings or to other public authorities, regarding a person who has infringed the legitimate interests of the Controller.
12.4. In the event of a threat to the Customer’s personal data, SIA “BALTIC COUNCIL” will notify the Customer.
13. What are the rights of the Customer?
13.1. Contact SIA “BALTIC COUNCIL” to obtain copies of the personal data held by the Controller.
13.2. To correct any personal data held by the Controller about itself by requesting changes by calling or in writing, by filling in a form at the office of SIA “BALTIC COUNCIL”, or by sending an electronic request to an e-mail address that is signed with a secure electronic signature.
13.3. The Customer has the right to obtain information about those natural or legal persons who have received information about that Customer from the Controller within a certain period of time. SIA “BALTIC COUNCIL” will not provide the Customer with information about state institutions which are the instigators of criminal proceedings, subjects of operational activities or other institutions regarding which the law prohibits the disclosure of such information.
13.4. Request to delete or restrict the processing of those personal data, the processing of which is no longer necessary in accordance with the purposes for which they have been collected and processed (the right “to be forgotten”).
13.5. The Customer has the right to the portability of his/her personal data when changing service providers.
13.6. Contact the Controller or the supervisory authority for personal data processing (Data State Inspectorate, www.dvi.gov.lv) with questions regarding the processing of personal data;
13.7. Contact the Data Protection Officer of the Controller for information on the processing and protection of the Customer’s personal data.
In the case of any questions regarding the processing of personal data, you can contact the Controller – registered office: 17, Kuldigas str., Ventspils, LV-3601, phone +371 636 07869 E-mail: info@balticcouncil.org.