The aim of the privacy policy is to provide an individual – a data subject – with information regarding the purpose and scope of personal data processing, protection, the processing deadline and the data subject’s rights during data collection and the processing thereof.

Personal data is any information related to an identified or identifiable individual. An identifiable individual is a person, who may be directly or indirectly identified, especially by reference to an identifier, for example, the person’s name, surname, personal number, residence data, online identifier or one or several physical, economic, social or other identity factors characteristic to the individual in question. 

Any and all persons who visit the Company’s office or territory; any visitor of internet sites and social network profiles, the Company’s contact telephone callers, visitors of the Company’s exhibition stands; contractual representatives/contact persons in contracts entered into with business partners/Customers; the Company’s employees; persons addressing the Company with an application/complaint, become data subjects.

Personal data controller’s contact information 

The personal data controller is SIA I.S.D., registration number: 40003356850 address: Baldones Street 2, Iecava, Bauska Municipality, LV-3913, telephone: 67896322, email: Office@isd.lv.

Employee responsible for personal data protection matters: Lawyer Digna Briede, telephone 29171595, e-mail: Digna.Briede@isd.lv

Personal data categories subject to processing:

  1. data subject’s principal data, e.g., name, surname, personal number, number of the personal identification document;
  2. contact information, e.g., declared place of residence address or mailing address, e-mail address, telephone number;
  3. professional data, e.g., education, experience, position, workplace;
  4. employment-related data, e.g., salary, length of service;
  5. data following from contractual relation, e.g., subject of the agreement and contract price; contact information, number of work ID;
  6. special category personal data, for example, health-related data in the context of employment;
  7. data acquired and/or created by compliance with statutory obligations, e.g. a vehicle registration number;
  8. payment and finance data, e.g., a bank account number, contract prices;
  9. data acquired from video surveillance, e.g. a video image;
  10. data from information systems and internet sites, e.g., an IP address, cookies or audit trails.

Legal basis and purpose of personal data processing

1. Legal basis for personal data processing:

  1. the Company’s legitimate interests, for example, identification of a data subject as a business partner’s contact person, ensuring communication for marketing and sales purposes;
  2. entering into a contract with a data subject and performance thereof, for example, an employment contract or a contract of services;
  3. performance of the Company’s legal obligations, for example, submission of personal data to the SRS; video surveillance in the Company’s territory and production premises;
  4. a data subject’s consent, for example, to processing of cookies on the Company’s homepages.

2. Personal data are processed for the following purposes:

  1. product sale (customer identification; communication; drafting and entering into a contract and performance of contractual, including warranty, obligations; processing of applications and complaints; management of payments);
  2. product advertising, as well as quality improvement and development thereof;
  3. business development (analysing cooperation with customers; customer surveys; measuring business efficiency);
  4. ensuring the Company’s operation and management, as well as establishing, ensuring or termination of legal employment relations,
  5. keeping and managing the accounting and finance records;
  6. entering into private transactions necessary for ensuring the main business of the Company;
  7. prevention or detection of criminal offences, where such are related to protection of property and protection of the vitally important interests of persons;
  8. informing the public about the Company’s activities;
  9. performance of statutory obligations (ensuring data storage; provision of information to state and municipal authorities in cases stipulated by laws and regulations).

Sources of collection of personal data

  1. Information provided by a data subject orally, in writing or via the Company’s websites when the data subject shows interest about the Company’s products or employment opportunities at the Company;
  2. From cookies and similar technologies during the data subject’s use of the Company’s websites or advertising materials placed in the internet;
  3. Information available from official databases, e.g. Lursoft;
  4. Information provided by the Company’s business partners.

Transfer of personal data

  1. To state and municipal authorities of the Republic of Latvia and/or European Union and other foreign authorities in accordance with laws and regulations, for example, State Revenue Service, State Social Insurance Agency, the Police;
  2. To third parties who provide services for the purposes described in this Privacy Policy within the limits of the applicable laws and regulations. This may include, for example, provision of outsourced services, such as IT services, property security guarding, health and safety, etc. Data processing requirements, provisions and restrictions are regulated by the contract entered into between the Company and the relevant third party, including with regard to handling of personal data after the expiry of the contract, duration of storage of personal data, compliance with technical and organisational requirements.

Transfer of personal data to third countries

No personal data of the data subject are transferred beyond the borders of the European Union or European Economic Area.

Storage of personal data

  1. Data recorded by video surveillance cameras are stored for 3 months.
  2. In cases of employment relations personal data are stored over the entire period of employment and for an additional 75 years following the termination of employment relations.
  3. Personal data collected for the purposes of marketing, sales and purchases are stored for 1 year or until the necessity expires.
  4. Personal data collected for performance of the Company’s contractual obligations are stored for the entire period of validity of the contract and for another year following the expiry of the contract.

After the expiry of the aforementioned periods, the Company deletes the data subject’s personal data in a secure manner.

Data processing protection and safety

When conducting its business, the Company complies with personal data processing and protection principles, as well as carries out relevant technical and organisational personal data processing measures to ensure safety of personal data.

The Company has put the relevant electronic, physical and administrative safety measures in place, using the capabilities provided by modern technologies. Your data are safely stored and protected against unauthorised access, data detection, modification or destruction by any organisation of private individual.

When processing personal data, the Company complies with confidentiality requirements and does not disclose to third parties any information containing personal data without legal grounds thereof.

Rights of the data subject

The legal framework governing personal data protection grants rights to certain data subject with regard to processing of their personal data. To exercise the rights listed hereunder, the data subject may submit a written application to the Company.

– Access to personal data

A data subject has the right to request confirmation from the Company as to whether the Company processes the data subject’s personal data and in such cases as for information to be provided regarding the personal data being processed by the Company.

– Correction of personal data

If the data subject considers that their information is incorrect or incomplete, the data subject may request the Company to correct it.

– Objections to processing based on legitimate interests

The data subject has the right to object to processing of its personal data which the Company processes in accordance with the Company’s legitimate interests, but this does not apply in cases where laws and regulations require the Company to continue processing the data subject’s data.

– Deletion

In certain cases, the data subject may request the Company to delete their personal data, yet this will not apply in cases where laws and regulations require the Company to store the data until the expiry of the respective period.

– Restriction of processing

In certain situations, the data subject may restrict processing of their personal data, but this will not apply in cases where laws and regulations require the Company to continue processing the data subject’s data to a certain extent.

Should the Company fail to respond before the deadlines stipulated by laws and regulations or fail to fulfil a justified data subject’s request, the data subject may file a complaint with the Data State Inspectorate.

Use of personal data for automated decision-making

The Company does not use the collected personal data for automated decision-making.

Miscellaneous

 The Company’s Privacy Policy is available on the Company’s internet sites:  www.isd.lv   and www.2-wheat.com 

The Company may amend and supplement this Privacy Policy, publishing the updated wording thereof on its internet sites.

03.11.2022