General terms and conditions

  1. SIA Ecsoen Privacy Policy (hereinafter the Policy) has been developed to inform the data subject, any individual, about how SIA Ecsoen processes personal data.
  2. The Policy has been developed to ensure the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the Regulation).
  3. The Policy is binding on all employees of SIA Ecsoen who process personal data.
  4. The personal data controller is SIA Ecsoen, unified registration No. 40203251018, registered address: Riga, Salnas iela 21–162, LV-1021
  5. The Policy sets out the requirements of the Regulation and other laws and regulations in force in the Republic of Latvia regarding privacy and personal data processing: defines personal data, determines the purpose of personal data processing, legal basis, organisational and technological measures implemented by SIA Ecsoen, data storage duration and deletion, as well as the rights of the data subject and communication with SIA Ecsoen.

Personal data processing

  1. For the purposes of the Policy, personal data is any information referring to an identified or identifiable natural person.
  2. The policy applies to ensuring the protection of privacy and personal data in relation to individuals: employees, customers, suppliers (including potential, former and current ones), as well as third parties who receive or transfer any information to SIA Ecsoen (including, but not limited to, contact persons of legal entities), and visitors to offices and other SIA Ecsoen facilities, including those where video surveillance is performed.
  3. SIA Ecsoen identifies the following categories of personal data:
    1. personal identification data (name, surname, personal identification number or identification number, date of birth, passport or identification card number);
    2. contact information of the person (address, phone number, e-mail address);
    3. special category or sensitive data (nationality, trade union membership, signs of disability, information on health status, information related to children);
    4. data of customer’s contacts – name, surname, e-mail address, telephone number of the contact person;
    5. data of the employee (individual) (name, surname, personal identification number or identification number, date of birth, passport or identification card number, address);
    6. data of the customer (individual) – customer agreement number, customer registration date, status;
    7. data of supplier (individual) – supplier’s number, invoice information, address, bank account number;
    8. communication data – type, number, date of incoming and outgoing correspondence;
    9. counterparty solvency test data (information regarding the existence of debts, credit risk assessment, solvency status);
    10. settlement data (bank account number, invoice number, date, amount, type of invoice receipt, payment date, debt amount, debt collection information);
    11. photographs and images (photographs from corporate events);
    12. video surveillance data in all SIA Ecsoen facilities.
  4. SIA Ecsoen is entitled to supplement the list of data categories, taking into account the needs of SIA Ecsoen business, at the same time taking all necessary organisational and technological measures to ensure privacy and personal data protection.
  5. The Privacy Policy applies to the processing of data, regardless of the form and way the individual has provided personal data to SIA Ecsoen (electronically, in writing or by phone) and regardless of in which systems of SIA Ecsoen or paper format it is processed.

Purposes of Personal Data Processing

  1. SIA Ecsoen processes personal data for the following reasons:
    1. For the provision of services of SIA Ecsoen (including, but not limited to, preparation and entering into agreements; provision for services; claims processing and accounting; guarantees for the performance of obligations; settlement administration; assessment of counterparty creditworthiness, credit monitoring; maintenance and improving the performance of website mobile applications).
    2. For receiving services by SIA Ecsoen from other service providers – individuals and legal entities (including, but not limited to, preparation and entering into agreements; receipt of services; submission and accounting of claims; guarantees for securing obligations; settlement administration).
    3. For the provision of information to state and local government institutions and operational activity subjects in the events, in the procedure and to the extent specified in the laws and regulations in force in the Republic of Latvia (including, but not limited to, the provision of information to the State Revenue Service, State Labour Inspectorate).
    4. Business analysis and planning (including, but not limited to, reporting; risk management; statistics; data quality assurance; efficiency measurements).
  2. SIA Ecsoen is also entitled to process personal data for other purposes, if it is provided for in the Regulation and the laws and regulations in force in the Republic of Latvia, upon notifying the data subject thereof.

Legal grounds for personal data processing

  1. SIA Ecsoen processes personal data based on the following legal grounds:
    1. for entering into and the performance of agreements: in order to enter into agreements with employees, customers and suppliers as well as to ensure the performance of contractual obligations;
    2. For compliance with laws and regulations: to comply with the requirements of laws and regulations in force in the Republic of Latvia;
    3. For lawful (legitimate) interests: to implement the legitimate interests of SIA Ecsoen arising from the agreement or law;
    4. In accordance with the consent of the data subject.
  2. SIA Ecsoen processes personal data in compliance with the following legitimate interests:
    1. Conducting business;
    2. Counterparty identity verification before entering into the agreement;
    3. Provision for the performance of contractual obligations;
    4. Prevention of commercial risks (counterparty credit risk assessment before entering into the agreement and during the performance of the contract obligations);
    5. Preservation of written evidence;
    6. Website maintenance and administration;
    7. SIA Ecsoen account administration on websites and mobile applications;
    8. Activities in advertising and marketing area;
    9. Corporate governance;
    10. Financial and business accounting and analysis;
    11. Events in the area of labour law and employment;
    12. Work safety measures;
    13. Environmental protection;
    14. Tax administration;
    15. Defending own rights and legal interests in court, state and local government institutions as well as operative activity institutions;
    16. Data processing within SIA Ecsoen for internal administrative purposes;
    17. Obtaining and updating the contact information of relatives of a person for communication with the employee’s relatives in the event of an accident or other extraordinary circumstances;
    18. Other legitimate interests.
  3. Where SIA Ecsoen processes data based on the data subject’s consent, SIA Ecsoen shall ensure that the data subject’s consent is obtained in writing and that such consent complies with the requirements of Articles 5, 12 and 13 of the Regulation and is given in a clear, specific and informed manner, and unequivocally.
  4. The data subject has the right to revoke the consent for data processing in writing at any time, and SIA Ecsoen shall terminate further data processing based on the previously given consent for the specific purpose immediately after receiving the revocation. Revocation of consent does not interrupt any data processing carried out on other legal grounds.
  5. Revocation of consent by the data subject does not affect the legitimacy of data processing that was carried out when the Customer’s approval was still in effect.

Organisational and technological measures

  1. SIA Ecsoen processes personal data by carefully assessing privacy risks, as well as organisational, financial and technical resources of SIA Ecsoen.

SIA Ecsoen selects the most appropriate technological solutions to exclude privacy breaches as much as possible and to ensure the secure processing of personal data, for example, by providing passwords, installing intrusion protection and detection programs, taking other protective measures.

  1. In order to ensure the quality and operative performance of the contractual obligations, SIA Ecsoen may delegate the performance of certain tasks to third parties, the outsourcers. If, in performing these tasks, SIA Ecsoen outsourcers process the personal data held by SIA Ecsoen, the respective SIA Ecsoen outsourcers are considered to be data processing operators (processors) of SIA Ecsoen, and SIA Ecsoen has the right to transfer personal data to such outsource service providers of SIA Ecsoen to the extent necessary for the performance of these activities.
  2. SIA Ecsoen outsourcers, as personal data processors, are obliged to ensure the processing of personal data in accordance with the requirements of the Regulation as well as to comply with the justified requirements of SIA Ecsoen. Personal data processing is performed based on a written agreement.
  3. SIA Ecsoen outsourcers, as personal data processors, are prohibited from using personal data for purposes other than the performance of obligations under the agreement with SIA Ecsoen as assigned by SIA Ecsoen. In the agreement on data processing, the contracting parties shall agree on the task, subject, duration, nature, purpose of data processing, and other information required to ensure privacy and secure data processing. SIA Ecsoen makes sure that the data processor has taken the necessary organisational and technological measures to meet the requirements of the Regulation.
  4. SIA Ecsoen, subject to the requirements of the Regulation, provides access to personal data or transfers such to third parties to third countries (countries outside the European Union and the European Economic Area) as a data processor (operator) by SIA Ecsoen providing for the procedures for the processing of personal data specified in the laws and regulations of the relevant third country. SIA Ecsoen ensures that the level of privacy and personal data protection is equivalent to the one set forth in the Regulation.
  5. SIA Ecsoen takes the necessary organisational measures to ensure data security, for example, carefully assesses the granting of access rights to the data held by SIA Ecsoen.
  6. SIA Ecsoen informs its staff about privacy and data security measures in order to prevent the disclosure of data to any third parties.
  7. SIA Ecsoen ensures that the data at its disposal is not disclosed to third parties, unless the data are transferred to:
    1. A counterparty under a concluded agreement to perform any contractual or statutory obligation, such as the provision of information to credit institutions;
    2. With clear and unambiguous consent of the data subject;
    3. To persons specified in the applicable laws and regulations of the Republic of Latvia upon their justified request, in the events, procedure and amount set forth in the applicable laws and regulations of the Republic of Latvia;
    4. Defending own rights and legal interests in court, state and local government institutions as well as operative activity institutions.
  8. SIA Ecsoen shall notify the data subject about the transfer of data, unless the Regulation does not provide for such obligation to notify.

Duration of storage and deletion of data

  1. SIA Ecsoen shall take the necessary measures to ensure that the duration of storage and processing of data at the disposal of SIA Ecsoen complies with the requirements of the Regulation.
  2. SIA Ecsoen shall store and process personal data for as long as at least one of the conditions listed below exists:
    1. Valid agreement;
    2. Existing legal obligation to store the data;
    3. It is possible to implement legitimate interests by the deadlines set forth in the applicable laws and regulations of the Republic of Latvia;
    4. Valid consent of a data subject to the relevant processing of the personal data, if there are no other legal grounds for personal data processing.
  3. SIA Ecsoen ensures that personal data is deleted if none of the conditions for the storage and processing of personal data exists.

Rights of data subjects

  1. SIA Ecsoen shall, upon a justified request of a data subject, provide information to data subjects about the processing of their personal data.
  2. The data subject may submit a request to the Executive Director of SIA Ecsoen:
    1. In writing, arriving at the office of SIA Ecsoen at Krišjāņa Valdemāra iela 1A, Sigulda, LV-2150, at the previously agreed time and presenting an identity document;
    2. Sending an e-mail message to the following e-mail address ecsoen@ecsoen.lv, and signing the request with a secure electronic signature.
  3. Upon the receipt of the data subject’s request, SIA Ecsoen shall verify the data subject’s identity, evaluate the request and provide a response in writing within 14 (fourteen) days by registered mail to the address specified by the data subject, or with a secure electronic signature to the e-mail address specified by the data subject.
  4. SIA Ecsoen shall ensure that, upon a reasonable request of the data subject, the data is supplemented, corrected or deleted, or that the restriction of data processing is ensured, insofar as data processing does not arise from the obligations of SIA Ecsoen arising from the laws and regulations in force in the Republic of Latvia and performed in the public interest.
  5. If SIA Ecsoen fails to comply with the requirements of the data subject included in the request, the data subject shall be entitled to apply to the Data State Inspectorate.

Other provisions

  1. SIA Ecsoen shall communicate by using the contact information specified by the counterparty (phone number, e-mail address, mailing address).
  2. Information for communication with SIA Ecsoen: office at Krišjāņa Valdemāra iela 1A, Sigulda, LV-2150; e-mail: info@ecsoen.com.
  3. SIA Ecsoen shall publish the Policy, in its current version, on the company website.
  4. We use cookies to ensure the required site functionality and better and more convenient use of the site. By visiting the site, you agree to its terms of use.