Privacy Policy

1. Data controller:

Finance Latvia Association (prior to name change – Association of Latvian Commercial Banks (thereinafter – the Association), registration number: 40008002175, registered seat: Riga, Roberta Hirša street 1a (room 218), LV-1045.

You may contact us per phone: +371 287 18175 or electronically: info@financelatvia.lv.

2. General description of the performed persona data processing activities:

This notice describes the manner in which we perform the processing of personal data disclosed to us for the purpose of our operations. This notice is applicable to the following categories of data subjects:

• Representatives nominated by the members of the Association or its associate members (hereinafter –  the members);
• Persons filing complaints with the Ombudsman;
• Cooperation partners, their representatives, and contact persons;
• Visitors to our website.

The purpose of this notice is to provide you with general information on the personal data processing performed by us and the purpose of such processing. Please note that other documents (e.g. cooperation agreements, regulations, terms of use of a website) may contain additional information on the processing of your personal data. We retain the right to amend and if necessary update this notice.

Please be informed that the personal data processing procedures contained therein are applicable only to the processing of personal data of private individuals.

We understand that personal data are your value and we will process such data in conformity with the applicable confidentiality requirements and with due care of the safety of your personal data that are at our disposal.

3. Why we process your personal data and what is the legal basis of such data processing?

We will process your personal data only for previously defined legitimate purposes, including:

a)     Statutory requirements applicable to the work of the Association

To achieve the set objective we have to fulfill the requirements of the Associations and Foundations law, Law on accounting, Law on taxes and fees, Archives law and the requirements of other laws and regulations.

The main legal basis for attaining these objectives are:

• compliance with the legal obligation (General Data Protection Regulation, Article 6, Paragraph 1(c), e.g. when reporting on the employment taxes paid).

b)    Ensuring the work of the Ombudsman

• personal data are used solely for the handling of complaints, including, in cases referred in the General Data Protection Regulation Article 6, Paragraph 1(c) or (d);
• for preparing information required for statistical and general informative purposes;

c)     Promotion of the Association’s work and publicity

To achieve this objective, we can use the personal data of the members of the Association and the representatives nominated by its members to create and distribute publicity materials (text, photo and video materials) that have been specifically designed or acquired from different events for the purpose of popularising the work of the Association or its members and to inform the members of the Association or general public on the Association’s work.

In case there are photographs or videos taken at any event that is organized by the Association, there will be a visible notification placed to inform the attendees of the event about such data processing.

The main legal substantiation for attaining this objective:

• Consent (General Data Protection Regulation, Article 6, Paragraph 1 (a);
• Legitimate interests of the data controller (General Data Protection Regulation, Article 6, Paragraph 1(f)).

d)    Day-to-day work of the Association

To achieve this objective, we have to record information about the participants of the meetings of the Association’s committees and the agenda of such meetings, online recording of meetings, as required, likewise information on the experience and capacity of the applicants for membership in the Association’s committees and working groups.

The main legal substantiation for attaining this objective:

• Legitimate interests of the data controller (General Data Protection Regulation, Article 6, Paragraph 1(f)).

e)     Safety, prevention, and examination of any threats to economic interests

For this purpose we have to register information on the visitors of our premises, use personal data processors for ensuring different functions and if necessary, disclose information to the courts and other state institutions, enforce the rights granted to us by the applicable laws for ensuring our legitimate interests.

The main legal substantiation for attaining this objective:

• Legitimate interests of the data controller (General Data Protection Regulation, Article 6, Paragraph 1(f)).

f)     Processing of personal data through cookies

There are cookies used on the Association’s website to remember whether you have already consented to the use of the cookies on the website and to analyze the activities of the visitors of the website (connection time, length, most visited parts of the website). The information that is associated with the cookies is not used for your identification purposes. The cookies serve the purpose of collecting standard log entry information (connection time, duration, IP address) and anonymous information about your activity on the website.

We do not use your data for profiling or automated decision-making, what causes legal consequences or has any other major impact on you.

4. How do we obtain your personal data?

We can obtain your personal data in any of the following ways:

• from you, in case you will provide us with your data;
• from the members of the Association or other third persons, in case the information is necessary for ensuring the Association’s work;
• by technical means (e.g. online recording of the meeting, audio recording)

Remember! The members of the Association who are credit institutions do not reveal to the Association data about their clients and the Association cannot request such data, with the exception of cases, when the client is personally addressing the Ombudsman.

5. Who can access your personal data?

We take respective measures for the processing of your personal data in accordance with the applicable laws and to ensure that your personal data are not accessed by any third persons not legally entitled to the processing of your personal data.

Based on the necessity, your personal data could be accessed by the following persons:

• Authorised representatives of the Association’s members, to the extent such a disclosure is necessary for the attainment of the Association’s objectives;
• Authorities appointed by the Association’s members, our employees or directly authorized persons who require such access for the performance of their work duties;
• Personal data processors, based on the provided services and only to the extent necessary, e.g. auditors, financial management and legal advisors, IT developers/technical maintenance specialists, other persons that are associated with the services provided by the data controller;
• State and municipal institutions, in cases specified in the applicable laws, e.g. law enforcement institutions, municipal authorities, taw administration, sworn bailiffs;
• Third persons, by verifying the existence of a legal basis for such data transfer and the proportionality of the amount thereof.

6. What cooperation partners for data processing or personal data processors we choose?

We take respective measures to ensure the processing of your personal data, protection and transfer to data processors in accordance with the applicable laws. We carefully select our personal data processors and when performing any data transfer, we assess the necessity and the amount of the data to be transferred. Any data transfer to the processors is performed in compliance with the personal data confidentiality and safe processing requirements.

Currently, we cooperate with the following categories of data processors:

• External accountants, auditors, financial management and legal advisors;
• IT infrastructure, database owners/developers/technical maintenance service providers;
• Archiving services.

All previous years’ materials are transferred by the Association for archiving and no such materials are kept at its premises. The provider of archiving services is: IRON MOUNTAIN LATVIA AS, Ganibu dambis 7a, Riga, LV-1045, www.ironmountain.com

The categories of data processors may change. In case of any changes, this notice will be changed accordingly.

7. Are your personal data transferred to countries outside the European Union (EU) or the European Economic Area (EEA)?

We mostly perform personal data processing at our legal address or in another venue, in case of any events organized by the Association outside its premises or in case the processing is performed by data processors hired by us.

We do not transfer personal data to countries outside the European Union or the European Economic Area (EEA).

8. How long do we keep your personal data?

Your personal data are kept for so long as it is necessary for the purposes for which such data are processed and by respecting the requirements of the applicable laws.

When evaluating the length of keeping personal data, we take into consideration the requirements of the applicable laws and our legitimate interests. In case some personal data are no longer necessary for the intended purpose, we will delete or destroy such data.

We have summed up the most common personal data keeping periods:

• The ombudsman deletes personal data not later than within a year’s time after the case is closed or left unadjudicated. In case a person requests to delete the personal data provided by him/her prior to the given term, the ombudsman undertakes to review such a request in accordance with the provisions of the General Data Protection Regulation, Article 17. The response given by the ombudsman which also contains information on the person who addressed him/her, the subject matter and the time of making the request and the personal data contained therein, is retained and archived.
• cookies – depending on the type of the cookie, not longer than the duration of the session (e.g. length of visiting the webpage), from 24 hours (for the registration of unique visits) up to one year  (e.g. for the registration of the first visit);
• information about the Association’s committee, the working group, and its members – constantly; and information provided to the Association for the eligibility assessment of applicants – during the period while the person is taking the respective position with the Association.

9. What are your – as the data subject’s rights in connection with the processing of your personal data?

In accordance with the General Data Protection Regulation, you have the right to access your personal data that are at our disposal, and request such data to be rectified, erased, the processing thereof be restricted, object against processing and also the right to data portability in cases and according to the procedures set out in the General Data Protection Regulation.

The Association respects your right to access your personal data and to control such data. In case of a respective request from you, we will respond thereto within the statutory deadlines (commonly within the term of one month, with the exception of any specific requests the processing of which takes longer) and if possible we will satisfy your request.

You can obtain information regarding your personal data kept by us and enforce other rights of the data subject in any of the following forms:

• by filing a respective application in person and by identifying yourself at our office in Riga, Roberta Hirša street 1a (room 218), LV-1045, on working days from 9:00 – 17:00;
• by sending a respective application per post to the following address: Riga, Roberta Hirša street 1a (room 218), LV-1045
• by sending a respective electronic application signed with a safe electronic signature to our e-mail address: info@financelatvia.lv.

Following receipt of your application, we will evaluate its contents and the possibility to identify you, and based on the existing circumstances, we retain the right to request you to undergo additional identification measures to ensure the safety of your data and the disclosure of such data to the correct person.

Description of rights

Right to information and right of access	You have the right to receive information on the processing of your data. The main information regarding the processing of your data is described in the Association’s privacy notices. In the event you require any information that is not covered by the privacy notices, the Association undertakes to the extent possible provide answers to any such inquiries which cover any information that is subject to mandatory disclosure to you, provided such a disclosure does not infringe on the interests or commercial secrets of other data subjects. In case you want to access other specific personal data at our disposal, you will have to submit a request detailing the specific data and to substantiate your necessity.
Right to rectification	In case of any changes in the personal data you have provided to us, e.g. changes in the personal ID number, communication address, phone number or a change of the e-mail address, please contact us and provide us with the correct data.
Right to erasure	You have the right to request us to erase your personal data that are no longer necessary for attaining the purpose of data processing or in case the data processing has been ungrounded.
Right to a restriction of processing	You may request to restrict the data processing meanwhile we verify the accuracy of the provided data or the validity (substantiation) of such data processing, in case you have requested us to correct your personal data or objected to such data processing (see below).
Right to object	You have the right to object to the processing of personal data in case you maintain that we do not have the right to process your personal data based upon a legitimate interest. Though, we may continue the processing of your data in case we can present a convincing and justifying substantiation that overrides your interests, rights, and freedoms.
Right to data portability	You have the right to request that your personal data which you have submitted to us for processing purposes is transferred to you or forwarded to another data controller in a structured, commonly used and machine-readable format on the basis of a respective consent or for contract performance purposes.
Revocation of the consent	In case the processing of your personal data is performed on the basis of your consent, you may revoke the consent anytime and we will no longer process your data on the basis of the given consent. Nevertheless, we can continue processing your data on the basis of other legal bases.

10. Where to submit a complaint on issues related to personal data processing?

In case you have any questions or objections regarding personal data processing performed by us, please submit your objections first to us.

In the event you are of the opinion that we have not succeeded in solving the matter and you maintain that we have infringed on your rights to personal data protection, you may file a complaint with the Data State Inspectorate. The form of the complaint and other information associated therewith can be found on the webpage of the Data State Inspectorate under: Here

11. Why do you have to present your personal data to us?

We mostly process your personal data to fulfill binding legal obligations and to pursue our legitimate interests. In the prescribed cases the acquisition of certain information is necessary for attaining certain objectives and the nondisclosure of the required information may jeopardize the business deal or performance of a contract.