Privacy Policy

  1. General information
    1.1. The purpose of the personal data processing privacy policy (hereinafter - the Privacy Policy) of SIA InPass (hereinafter - the Manager) is to provide general information on the data processing, its purpose, scope and protection of personal data, as well as to inform the Data Subject about its rights and obligations.
    1.2. When processing personal data, the Manager shall comply with the laws and regulations of the Republic of Latvia, as well as European Parliament and Council Regulation (EU) 2016/679 on the protection of personal data processing and its circulation and repealing Directive 95/46 / EC. (General Data Protection Regulation) and other applicable privacy and data processing legislation.
    1.3. All terms used in the Privacy Policy are translated within the meaning of the General Data Protection Regulation.
    1.4. In order to perform its functions and provide services in the most efficient way, the Manager needs to collect, process and use certain type of information about Data Subjects and Organizations.
    1.5. The Manager for personal data processing is SIA „InPass” registration No. 42103081883, address: Klaipedas street 112-21, Liepaja, LV-3416, phone: +371 29873054; e-mail address: info@inpass.lv.
  2. Acquisition and processing of personal data
    2.1. The Manager processes personal data in accordance with the provisions of this Privacy Policy as the Manager in charge, mainly for personnel management, business and administrative activities, website maintenance, information system administration for customer service purposes.
  3. Manager as processor
    3.1. The Manager may process personal data on behalf of its Clients as an authorized processor. The processing of personal data of other controllers may be subject to the privacy rules, policies or mutual agreements of the respective controllers. For such data processing, InPass is not
    considered as a controller and is therefore not responsible for the legal basis of the data processing.
    3.2. The customer provides the legal basis for the processing of personal data in accordance with the applicable privacy legislation. In addition, the Customer evaluates and determines the jurisdiction of the risks that data subjects incur when processing their personal data. It is also important that the Customer, as the data controller, is obliged to inform the data subjects about the processing of personal data.
    3.3. In any case, InPass, as the data Manager, cooperates with the Customer to ensure compliance with the requirements of the General Data Protection Regulation, ensuring high compliance with the privacy and confidentiality requirements, which are also mentioned in this Privacy Policy.
    3.4. When processing the personal data entrusted from the Customer, InPass as the processor provides the following technical and organizational security:
    3.4.1. the rights of users, ensuring that the relevant user has access only to the information that is necessary for the performance of duties (observance of the principle of minimization);
    3.4.2. The storage of personal data is kept only in the countries of the European Union or the European Economic Area, specifically, Latvia.
    3.4.3. The data storage can be accessed only by authorized persons;
    3.4.4. The data storage provides for the retrospective identification and verification of all performed operations with the data available in the storage;
    3.4.5. The data storage creates an automatic copy of the data once a day, which is available only with authorization;
    3.4.6. Copies of the data storage are stored separately from the main storage;
    3.4.7. The length of the user’s password is not less than eight characters and at least one lowercase letter of the Latin alphabet, as well as a number or special symbol;
    3.4.8. Only an authorized person can grant the rights of a new user;
    3.4.9. The rights of a new user are granted only upon the request of the contact person specified in the Customer's agreement;
    3.4.10. Integrated data protection and data protection by default into system operations, such as audit logs of any personal data processing activity are made, recording data, time and user who processes personal data.
  4. Data protection principles
    4.1. When processing data, the Manager shall follow these principles:
    4.1.1. to process personal data in such a way, to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by using appropriate technical or organizational arrangements. The controller shall comply appropriate events to ensure that the processing of personal data happens in accordance with the requirements of regulatory enactments;
    4.1.2. to process personal data in a lawful, fair and transparent manner for the Data Subject;
    4.1.3. to collect personal data only for specified, explicit and legitimate purposes and to not process them further in a way incompatible with those purposes. Unless it is necessary to perform the functions and duties required by law.
    4.1.4. to process personal data adequately, appropriately and to process only the data that is necessary to achieve purposes of the processing;
    4.1.5. to process only accurate personal data and, if necessary, update them;
    4.1.6. to keep personal data for no longer than it is necessary for the purposes in which the
    relevant personal data are processed;
    4.2. Personal data provided by the Data Subject is not transferred or processed outside the European Union and the European Economic Area.
  5. Purposes and legal bases of personal data processing
    5.1. The Manager processes the personal data of the Data Subject only when there is a legal basis to do so.
    5.2. To fulfill the legal obligations specified in the legislation, so that the Manager can perform its functions and tasks, to process the received applications, to keep accounting, etc. cases.
    5.3. Establishment, maintenance and performance of contractual obligations with the Data Subject for concluding employment contracts or service contracts, etc. cases.
    5.4. For the implementation of the legitimate interests of the Manager in the administration of the systems, etc. cases.
    5.5. In cases when the Manager offers some services, the processing of the Data Subject's data may take place on the basis of the Data Subject's consent, for example to receive an e-mail about the latest offers or to use cookies on the website.
  6. Categories of personal data which are being processed
    6.1. The categories of personal data processed by the Manager depend on the Manager's services used by individuals. For instance:
    a) when communicating with the Manager in writing, the content and timing of the communication, as well as information on the communication tool used (e-mail address,) may be saved;
    b) on the basis of an agreement concluded with the Customer, its employee, within the framework of which the following personal data is processed: name, surname, position, telephone number, e-mail address, assigned “id” user name and initial password;
  7. Storage of personal data
    7.1. The Manager shall store personal data for the period of time specified in regulatory enactments or until the purpose for which the data was collected has been achieved.
    7.2. Personal data provided by the Data Subject on the basis of his consent shall be kept by the Manager until the purpose for which the data were collected has been achieved or until the Data Subject withdraws his consent.
  8. Rights of the Data subject
    8.1. Before obtaining personal data or at the time when personal data is obtained, the Manager will provide the Data Subject with information on why the Manager needs the Data Subject's personal data. The Data Subject may be informed by separate information sheets, information on application forms, information contained in contracts, informative messages or orally why the Manager needs the Data Subject's personal data and what the Manager will do with it in accordance with Article 13 of the General Data Protection Regulation.
    8.2. The Data Subject has the right, by submitting an application to the Manager in person and presenting an identity document or by sending an electronically signed document:
    8.2.1. to contact the Manager and request information on the personal data that is being processed by the Manager;
    8.2.2. to request the addition or correction, deletion or restriction of processing personal data or to object to the processing of Data Subject’s personal data, as well as the right to data portability. The Manager will evaluate the Data Subject's request and pursue the Data Subject's rights in
    accordance with the requirements of regulatory enactments;
    8.2.3. to withdraw the consent to process Data Subject’s personal data if the basis of processing personal data of the Data Subject is the consent of the Data Subject, but this does not affect the lawfulness of the processing operations performed when the consent was valid.
    8.2.4. to submit a complaint regarding illegal processing of personal data to the Data State Inspectorate, if the Data Subject has suspicion about it;
    8.2.5. in any case, pursue all his rights as a Data Subject under Chapter III of the General Data Protection Regulation.
    8.3. The Manager will evaluate the Data Subject's request and pursue the Data Subject's rights in accordance with the requirements of regulatory enactments. The Manager will provide a response to the Data Subject's application no later than within one month, but in certain cases, the Manager may extend the response time for another two months, about which the Manager will inform the Data Subject;
  9. Communication with the Manager
    9.1. In case of any questions or uncertainties related to the processing of personal data by the Manager, the Data Subjects must contact the Manager by using the contact information specified in Clause 1.