Privacy Policy Aston Baltic Ltd
- Introduction
1.1 Aston Baltic Ltd (hereinafter referred to as the "Contractor") is engaged in the development, implementation and maintenance of ERP (Enterprise Resource Planning) systems and IT solutions, sale of licences, provision of data storage (hosting) services, training of system users and stakeholders, organisation and conduct of business seminars (hereinafter referred to as the "Service" or the "Services").
1.2 The Contractor has developed this privacy policy ("Privacy Policy") to inform you about the Contractor's data protection practices in providing the Services and maintaining the website www.astonbaltic.lv (the "Website").
1.3 This Privacy Policy is binding on the Contractor and the persons whose data the Contractor processes, including:
- potential recipients of the Services who provide data to the Contractor for the purposes of receiving the Services,
- persons receiving the Services,
- persons visiting the Website.
1.4 In addition to the provisions of this Privacy Policy, the Contractor and the Service Recipient shall be bound by the data processing provisions set out in the contracts for the provision of the Services and the personal data processing agreements, if any. In the event of a conflict between this Privacy Policy and the Service Contract and/or the Personal Data Processing Agreement, the terms more favourable to the Data Subject shall prevail. Additions and clarifications that do not contradict the laws and regulations referred to in Section 2.1 of this Privacy Policy shall not be deemed to be a conflict.
1.5 The potential Service Recipient and the Service Recipient are obliged to obtain the consent of their representatives to the transfer of their personal data to the Contractor, to inform their representatives of the transfer of their personal data to the Contractor and the terms of this Privacy Policy if they provide their personal data to the Contractor.
1.6 The Contractor shall be entitled to amend the terms of the Privacy Policy provided that the laws and regulations referred to in the following paragraph of the Privacy Policy are complied with. The Contractor shall publish the current version of the Privacy Policy on the Website.
- General rules for processing personal data
2.1 The Contractor shall process and protect personal data in accordance with the laws and regulations in force in the Republic of Latvia, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
2.2 This Privacy Policy contains the main rules for the processing and protection of personal data, in addition to which the Contractor shall establish and implement other rules for the processing and protection of personal data that do not conflict with this Privacy Policy and comply with the regulatory enactments set out in the preceding paragraph.
2.3 The Contractor confirms that it has taken the necessary measures to ensure the protection of personal data and to prevent their possible disclosure to third parties. The Contractor shall regularly monitor and improve its data protection processes.
2.4 Data for the purposes of this Privacy Policy means any information, including personal data, information about the Service provided by the Contractor, information about the contract to be concluded and concluded for the provision of the Services, the amount and payment history of the Service Recipient, the content of telephone conversations with representatives of the Service Recipient, etc. Personal data processed and protected under this Privacy Policy means any information relating to an identified or identifiable natural person. Persons whose data is processed by the Contractor may also be referred to as "data subjects" in the remainder of this Privacy Policy.
2.5 For the purposes of this Privacy Policy, processing of personal data means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.6 The data subject shall have the right to request the Contractor to access and rectify or erase the data subject's personal data or to restrict processing in relation to the data subject or to object to processing, as well as the right to data portability.
2.7 The data subject shall have the right to lodge a complaint with the supervisory authority of the Republic of Latvia, the State Data Inspectorate, regarding the Contractor's breaches in the processing and protection of personal data.
- Collection of personal data, purposes of processing and legal basis for processing
3.1 The Contractor receives data, including personal data, in various ways, including:
3.1.1 The Prospective Service Recipient shall provide the Contractor with the Data for the purpose of entering into a Services Agreement with the Contractor and the Contractor shall process the Data for the purposes of the preparation, conclusion and performance of the Services Agreement and for the other purposes set out in this Privacy Policy and the Services Agreement. If the potential recipient of the Services is a natural person, the provision of personal data is a prerequisite for the conclusion of the Services Agreement; the provision of any additional representative data is then optional. If the potential recipient of the Services is not a natural person, the submission of the name of the natural person who will sign the contract with the Contractor for the provision of the Services, as well as the power of attorney of the person concerned if he/she represents the potential recipient of the Services on the basis of a power of attorney, shall be a precondition for the conclusion of the contract for the provision of the Services; the submission of any additional representative data shall be optional in this case.
3.1.2. the Contractor shall receive data during training and other events organised by the Contractor, including by taking photographs and video recordings.
3.1.3. the Contractor receives data from third parties which are necessary for the performance of contracts concluded between third parties and the data subjects concerned, i.e. where the Contractor provides the Services as a subcontractor.
3.1.4. the Contractor shall obtain data from publicly accessible registers.
3.1.5 The Contractor may receive data through the use of cookies on the Website by notifying the Website. More detailed rules relating to the obtaining of such data are set out in Section 6 of this Privacy Policy.
3.2 The Contractor shall process the data of potential recipients of the Services and recipients of the Services for the following purposes:
3.2.1 Where the data subject has provided data to the Contractor, thereby consenting to the processing of personal data, the Contractor shall be entitled to process the data for the purposes of providing advice, preparing Service Proposals and entering into a Service Contract for the purposes of pre-contractual activities.
3.2.2. for the performance of the Service Agreement, communication with the Service Recipient, notification of changes to the Service, provision of technical information, notification of software updates, security, support and other reports.
3.2.3. for the performance of contracts concluded between third parties and the relevant data subjects, i.e. where the Contractor provides the Services as a subcontractor.
3.2.4. to notify the Service Recipient of offers of other services by the Contractor. In this case, the legal basis for the processing of personal data is the consent of the Service Recipient, which shall be deemed to have been given when concluding the contract for the provision of the Services.
3.2.5.for the preparation of offers of the Services, advertising of the Contractor and informing third parties about the Services, using photographs and video recordings obtained during the training referred to in Clause 1.1 and other events organised by the Contractor.
3.2.6. to monitor the quality of the Services and to determine customer satisfaction by asking the Service Recipient to participate in surveys on the quality of the Contractor's Services and receiving the results of the surveys. Telephone conversations with representatives of the Customer Service Centre may be recorded and stored for the purposes of monitoring the quality of Customer Service and improving the quality of the Contractor's services.
3.2.7. to send greetings to the Service Recipient on national holidays and to congratulate the Service Recipient and its representatives on their birthdays and name days. In this case, the legal basis for the processing of personal data is the consent of the Service Recipient, which shall be deemed to have been given when concluding the contract for the provision of the Services.
3.2.8. for the purpose of fulfilling legal obligations attributable to the Contractor, if such obligations are stipulated by regulatory enactments.
3.3 Where a prospective recipient of the Services has provided personal data for the purposes set out in paragraph 3.1.1 of this Privacy Policy, it shall be entitled to withdraw consent to the processing of personal data and to withdraw from entering into a contract for the provision of the Services prior to entering into a contract for the provision of the Services.
3.4 If the Service Recipient has provided data to the Contractor prior to the conclusion of the Services Agreement, no resubmission of data is required at the conclusion of the Services Agreement and the Contractor is not obliged to separately inform the Data Subject of the processing of their personal data and the change of legal basis.
- Categories of recipients
4.1 The Contractor's employees shall be entitled to process personal data in accordance with their job responsibilities. The Contractor is obliged to inform its employees who process Service Recipients' data of the terms of this Privacy Policy.
4.2 The data of a prospective Service Recipient who submits data for the purposes of receiving the Contractor's Services and the Service Recipient may be transferred to third parties for such purposes:
4.2.1 The data of a potential Service Recipient may be transferred to a relevant external service provider (e.g. a software licensor) for the purpose of obtaining a quotation for a particular service and processing the application of the potential Service Recipient prior to entering into a contract for the provision of the Services.
4.2.2.The Service Recipient's data may be transferred to external service providers for the performance of the Service Contract, including the processing of Service Recipient's requests, such as the processing of Service Change Requests, the provision of software licences, the performance of programming work, the processing of fault requests, the repair of faults, etc.
4.2.3. other business partners of the Contractor for the performance and management of the contract for the provision of the Services, including providers of administration, record-keeping, accounting and legal services, etc.
4.2.4. making available to third parties photographic and video recordings taken during the training sessions referred to in Clause 1.1 and other events organised by the Contractor for the purpose of promoting the Contractor and informing about the Services.
4.2.5. to debt collection service providers and to legal action if the Service Recipient fails to make payments on time. The Contractor shall have the right to pass on to third parties the Service Recipient's data for debt recovery purposes, including the creation of a debt history database.
4.2.6 Data may be transferred to third parties in the cases provided for by law for the purpose of fulfilling obligations imposed by laws and regulations.
- The period for which the personal data are kept
5.1 Personal data shall be stored for a maximum period of 1 (one) month for the purposes of entering into a contract for the provision of the Services as set out in Clause 3.2.1 of this Privacy Policy. If the contract for the provision of the Services is not concluded within this period for any reason, but the data subject subsequently approaches the Contractor with a new offer to conclude a contract for the provision of the Services, a new submission of personal data to the Contractor shall be required. If a contract for the provision of the Services is concluded within that period, the Contractor shall continue to store the personal data in accordance with the following paragraph of this Privacy Policy.
5.2 Personal data for the purposes set out in Clause 3.2.2 of this Privacy Policy shall be retained for the duration of the contract for the provision of the Services and for an additional period not exceeding 10 (ten) years after termination of the contract to ensure the preservation of documents evidencing and justifying past transactions, the performance of warranty obligations and the recovery of any debt.
5.3 In the case of the provision set out in paragraph 3.2.3 of this Privacy Policy, it is not possible to determine the exact period of data retention, however, the Contractor shall be entitled to process personal data for a period not exceeding the performance of the Contractor's obligations under the contract for the provision of services concluded between the Contractor and a third party.
5.4 The retention period of Personal Data for the purposes set out in paragraphs 3.2.4 to 3.2.6 of this Privacy Policy shall be the duration of the relevant contract for the provision of the Services.
5.5 The period of retention of Personal Data for the purposes set out in Clause 3.2.7 of this Privacy Policy shall be determined in accordance with the laws and regulations under which the Contractor is subject to the legal obligation.
5.6 In other cases, the period of retention of personal data shall be determined not exceeding the period, if any, specified in the regulatory enactments.
- Special Terms and Conditions in relation to the use of the Website
6.1 The Contractor may receive data through the use of cookies on the Website by notifying the Website. The legal basis for such data processing is the data subject's consent, which is deemed to be given if the data subject continues to use the Website after the Website displays a cookie warning.
6.2. the Contractor shall ensure the processing and protection of the personal data of the Website visitors in accordance with the laws and regulations specified in Clause 2.1 of this Privacy Policy.
6.3 For the purpose of providing services and evaluating the need to improve the Website, the Contractor has the right to process information about visitors to the Website contained in the Website access files, such as IP address, type of web browser used, previous website from which the visitor accessed the Website, Internet service provider, time of visit, sections of the Website viewed, etc.
6.4 You may refuse the use of cookies in accordance with the possibilities offered by the technologies used, but this is not recommended as it may reduce or prevent the use of the Website.
6.5 The Website is the property of the Contractor. Text, images, graphics, sound files, animation files, video files on the Website are subject to copyright and other intellectual property rights. These objects may not be copied for commercial purposes or distribution, nor may they be modified or posted on other websites. Reproduction of the material requires the written permission of the Contractor. When quoting, reference to the source is mandatory.
6.6 The Contractor shall not be responsible for other websites linked from the Website.
- Contact Aston Baltic SIA
In case of any questions regarding the processing of personal data, the Contractor may be contacted using the following contact details: SIA Aston Baltic, Skanstes iela 12, Rīga, LV-1013, e-mail: info@astonbaltic.lv, Tel: (+371) 28316310.