GDPR EN

I. TERMS AND DEFINITIONS

1. Company - self-employed person Gints Janelsiņš
2. Personal data - any information relating to an identified or identifiable natural person.
3. Processing of personal data - any activity carried out with personal data, including the collection, recording, input, storage, arrangement, modification, use, transfer, transmission and disclosure, blocking or erasure of data.
4. Data subject - a natural person who can be directly or indirectly identified.
5. Controller - a natural or legal person, a state or local government institution which, alone or together with others, determines the purposes and means of processing personal data, as well as is responsible for the processing of personal data in accordance with this Law.
6. Sensitive personal data - personal data that indicates a person's race, ethnic origin, religious philosophical and political beliefs, trade union membership, as well as provides information about a person's health or sexual life.
7. Personal data processing system - a fixed structured set of personal data in any form, which is accessible in compliance with the relevant personal identification criteria.

II. GENERAL TERMS

1. These Regulations govern the processing of the Company's personal data. The Regulations set out the principles and methods for the processing of personal data both electronically and manually. The Regulations determine the rights of the Data Subject, the permissible scope of personal data processing, the obligations of the Controller, as well as other issues related to the processing of personal data.
2. The purpose of the personal data protection regulations is to determine the procedure for personal data processing in the Company, ensuring compliance with the "Personal Data Protection Law" and other regulatory enactments that regulate personal data protection.
3. The purpose of the Regulations is to ensure the implementation of the main technical and organizational measures that would ensure the observance of the data subject's rights and data security.
4. These terms and conditions are binding on the Company.
5. The Regulations have been developed in accordance with the regulatory enactments that regulate the protection of personal data in Latvia.

III. BASIC PRINCIPLES AND PROTECTION OF PERSONAL DATA PROCESSING

1. The company shall observe the following principles of personal data security:
1.1. Every natural person has the right to the protection of his or her personal data.
1.2. Personal data may be obtained only in the cases specified in regulatory enactments.
1.3. When collecting and processing personal data, the Controller ensures the fair and lawful processing of personal data.
1.4. Timely and regular updating of personal data must be ensured. Inaccurate or incomplete data must be corrected, supplemented, destroyed or their use prohibited.
1.5. It is necessary to provide for the storage of personal data in such a way that the data subject can be identified for an appropriate period not exceeding the period specified for the intended purpose of the processing.
2. Personal data may be obtained only in accordance with regulatory enactments by obtaining them directly from the Data Subject, formally requesting information from its holder, if such rights exist, or the processing of data arises from the data subject's contractual obligations.
3. Personal data shall be used only for the specified purpose. The processing of personal data for purposes not originally intended is not permitted.
4. Personal data may not be stored longer than the purpose for which the personal data are processed. Personal data must be destroyed when they are no longer needed for the first purpose.
5. The controller shall ensure that all relevant information on the processing of personal data is explained to the Data Subject in clear and comprehensible language.
6. The controller may transfer personal data to third parties only in accordance with the requirements of regulatory enactments.
7. The controller must ensure the protection of information, security against accidental or unlawful destruction, rectification, disclosure or other unlawful acts.
8. The company shall ensure the observance of the principles of protection and security of personal data by implementing the relevant organizational methods.

IV. PROCESSING OF PERSONAL DATA

1. Personal data are processed by storing information both in electronic form and in paper document format.

2. Only certain persons / employees authorized by the head of the undertaking may process personal data.

3. Any staff member whose duties include the processing of personal data: (i) not disclose personal data to any other person; (ii) processes personal data in accordance with the regulatory framework, complies with the provisions of this Instruction; (iii) comply with the prohibition on the disclosure and transfer of personal data to third parties without a legal basis and a legitimate purpose for the processing of personal data; (iv) immediately inform the manager or the person in charge of any suspicious situation which may pose a personal data security risk.

V. EXERCISE OF THE DATA SUBJECT'S RIGHTS

1. The data subject has the right to access his or her data free of charge, as well as to receive information regarding the source of personal data and the purpose of their processing. At the request of the Data Subject, the Controller shall provide the requested information or a reasoned written refusal within 30 days from the date of receipt of the request.

2. If the Data Subject finds that the data is incorrect, incomplete or inaccurate, he / she shall inform the Controller (in writing, orally or in another form). The controller shall verify the personal data, correct any incorrect, incomplete or inaccurate data without delay and / or stop using the data without allowing them to be stored.

VI. PERSONU DATU AIZSARDZĪBAS NOTEIKUMI

1. Uzņēmums ievieš organizatoriskās un tehniskās prasības, lai aizsargātu personu datus pret nejaušu vai prettiesisku datu iznīcināšanu, labošanu, atklāšanu vai citām prettiesiskām darbībām.

2. Uzņēmuma darbiniekiem ir jāievēro konfidencialitātes principi, kā arī neizpaust personu datu informāciju, kura tiem kļuva zināma, pildot darba pienākumus, izņemot gadījumus, kad šī informācija ir publiski pieejama. Uzņēmuma darbiniekiem ir jāievēro konfidencialitātes principi, arī beidzoties darba tiesiskajām attiecībām.

3. Lai nodrošinātu personu datu drošību, Uzņēmums ir ieviesis sekojošus personu datu aizsardzības pasākumus:

(a) administratīvie;

(b) cieto disku un programmatūras aizsardzība (serveru, informācijas sistēmu un datu bāžu administrēšana, darba vietu un telpu uzraudzība, operāciju sistēmu aizsardzība, aizsardzība pret datoru vīrusiem;

(c) komunikāciju un datoru tīklu aizsardzība (ugunsmūris, kas norobežo kopīgos datus, programmatūru un nevēlamās datu kopas).

VII. PERSONU DATU APSTRĀDES TERMIŅI

Personu dati tiek iznīcināti, ja vairs nepastāv to apstrādes mērķis, izņemot gadījumus, kad dati tiek arhivēti vai gadījumos, kuri ir atrunāti likumdošanā.