SIA “ZK 9” Privacy Policy

The purpose of the Privacy Policy is to provide the natural person – the data subject – with information
regarding the purpose, legal basis, scope, protection, and duration of the processing of personal data
at the time of data collection and during the processing of the data subject’s personal data.

I. Controller and Contact Information

1. The controller of personal data processing in relation to seminar/event attendees, clients,
website visitors, and job applicants who have submitted an application is SIA ZK 9, unified
registration number 50103194261, legal address: “Kļavulapas”, Mārupe, Mārupes novads,
LV-2167 (hereinafter – the Company).
2. The Company’s contact information for matters related to personal data processing,
including reporting possible data protection violations, is datuaizsardziba@zk9.lv.
3. By using this contact information or by contacting the Company’s legal address,
questions regarding personal data processing may be submitted. Requests for the exercise
of data subject rights may be submitted in accordance with paragraph 24.

II. General Provisions

4. Personal data refers to any information relating to an identified or identifiable natural person.
5. This Privacy Policy applies to the protection of privacy and personal data for the following
groups (hereinafter collectively referred to as the Clients):
5.1. Natural persons – candidates (applicants);
5.2. Seminar/event attendees;
5.3. Clients of the Company (including prospective, former, and current clients);
5.4. Visitors to the Company’s maintained websites.
6. The Company ensures the privacy and protection of Clients’ personal data, respecting their
rights regarding lawful personal data processing in accordance with applicable legal acts – the
Personal Data Processing Law, Regulation (EU) 2016/679 of the European Parliament and of
the Council of 27 April 2016 on the protection of natural persons with regard to the processing
of personal data and on the free movement of such data (hereinafter – the Regulation), and
other applicable laws in the field of privacy and data processing.
7. This Privacy Policy applies to the processing of data regardless of the form and/or
environment in which the Client provides personal data (in person, on the Company’s website,
in paper format, or via telephone).

III. Purpose of Personal Data Processing

8. The Company processes personal data for the following purposes:
8.1. Provision of Services:
8.1.1. To identify the representative of a Client (a legal entity);
8.1.2. For the preparation and conclusion of a contract;
8.1.3. For the delivery of services (fulfillment of contractual obligations);
8.1.4. For the development of new services;
8.1.5. For the review of objections or complaints;
8.1.6. For the administration of payments;
8.1.7. For debt recovery and collection;
8.1.8. For the maintenance and improvement of websites.
8.2. Business planning and analytics;
8.3. For client security and the protection of the Company’s property;
8.4. To conduct personnel recruitment processes and to protect the Company’s legitimate
interests insofar as they relate to recruitment:
8.4.1. To assess a candidate’s compliance with the Company’s requirements for the
specified position;
8.4.2. To enter into a contract with a candidate who meets the Company’s requirements;
8.4.3. To assert, exercise, and defend the Company’s legal claims.
8.5. For the Company’s legitimate purposes:
8.5.1. To conduct commercial activities;
8.5.2. To verify the identity of the Client (representative or authorized person of a legal entity,
or a natural person) prior to the purchase of services;
8.5.3. To ensure the fulfillment of contractual obligations;
8.5.4. To retain Client applications and service requests;
8.5.5. To segment the client database for more effective service delivery;
8.5.6. To develop and improve services;
8.5.7. To send other notifications regarding contract performance and events essential
to contract execution, as well as to conduct client surveys about services;
8.5.9. To prevent fraudulent activities against the Company;
8.5.10. To ensure corporate governance, financial and business accounting and analysis;
8.5.11. To ensure effective Company management processes;
8.5.12. To ensure and improve the quality of services;
8.5.13. To administer payments;
8.5.14. To carry out video surveillance for business security;
8.5.15. To inform the public about the Company’s activities.
9. The Company may process candidates’ personal data for recruitment purposes related
to the specific vacancy for which the candidate has applied or for future recruitment purposes,
provided that the candidate has given consent.

IV. Legal Basis for Personal Data Processing

10. The legal basis for the Company’s personal data processing activities for the following
purposes is as follows:
10.1. Provision of Services:
Based on Article 6(1) of the Regulation:
• b) the processing is necessary for the performance of a contract to which the data subject
is party, or in order to take steps at the request of the data subject prior to entering into a contract;
• c) the processing is necessary for compliance with a legal obligation to which the controller is subject;
• f) the processing is necessary for the purposes of the legitimate interests pursued by the controller.
10.2. Business Planning and Analytics:
Based on Article 6(1)(f) of the Regulation (processing is necessary for the purposes of the
legitimate interests pursued by the controller).
10.3. For Client Security and Protection of the Company’s Property:
Based on Article 6(1)(f) of the Regulation (processing is necessary for the purposes of the
legitimate interests pursued by the controller).
10.4. Conducting Personnel Recruitment Processes:
Based on Article 6(1) of the Regulation:
• a) the data subject has given consent to the processing of his or her personal
data for one or more specific purposes;
• c) the processing is necessary for compliance with a legal obligation to which
the controller is subject;
• f) the processing is necessary for the purposes of the legitimate interests
pursued by the controller;
Sections 33, 35, and 38 of the Labour Law.
10.5. The Company’s legitimate interests:
Based on Article 6(1)(f) of the General Data Protection Regulation (the processing is
necessary for the purposes of the legitimate interests pursued by the controller).

V. Processing of Personal Data

11. The Company processes Client data using modern technological capabilities, taking into
account existing privacy risks and the organizational, financial, and technical resources
available to the Company.
12. The Company may carry out automated decision-making in relation to the Client. The Client
is informed separately about such actions by the Company in accordance with regulatory enactments.
13. Automated decision-making that produces legal effects for the Client (for example, approval
or rejection of the Client’s application) may only be carried out during the conclusion or performance
of a contract between the Company and the Client, or based on the Client’s explicit consent.

VI. Protection of Personal Data

14. The Company protects Client data by using modern technological capabilities, taking into account
existing privacy risks and the organizational, financial, and technical resources reasonably available
to the Company, including the use of the following security measures:
14.1. Firewalls;
14.2. Intrusion protection and detection software;
14.3. Other protective measures in accordance with current technological advancements.

VII. Categories of Recipients of Personal Data

15. The Company does not disclose the Client’s personal data or any information obtained during
the provision of services and performance of the contract, including information about the services
received, to third parties, except in the following cases:
15.1. in accordance with the Client’s clear and unambiguous consent;
15.2. to persons specified in external regulatory enactments, upon their justified request, and in the
manner and scope provided for by such regulatory enactments;
15.3. in cases specified in external regulatory enactments for the protection of the Company’s
legitimate interests, for example, by applying to a court or other state authorities against a person
who has infringed upon the Company’s legitimate interests.

VIII. Transfer of Personal Data

16. The Company does not transfer Personal Data to third parties, except to the extent necessary
for the reasonable conduct of business operations, ensuring that the respective third parties maintain
the confidentiality of Personal Data and provide appropriate protection.
17. The Company is entitled to transfer Personal Data to the Company’s suppliers, subcontractors,
strategic partners, and others who assist the Company in conducting business activities for its clients,
in order to implement the respective cooperation. However, in such cases, the Company requires data
recipients to commit to using the received information solely for the purposes for which the data were
transferred and in accordance with the applicable regulatory requirements.

IX. Access to Personal Data by Third-Country Entities

18. The Company does not transfer personal data to third countries (outside the European Union and
the European Economic Area).

X. Duration of Personal Data Retention

19. The Company stores and processes the Client’s personal data as long as at least one of the
following criteria applies:
19.1. only for as long as the contract concluded with the Client is in force or the service is being
provided to the Client;
19.2. the data is necessary for the purpose for which it was collected;
19.3. until the matter specified in the Client’s application is fully reviewed and/or resolved;
19.4. as long as the Company or the Client can exercise their legitimate interests in accordance
with external regulatory enactments (for example, submitting objections or filing a claim in court);
19.5. as long as the Company has a legal obligation to retain the data;
19.6. as long as the Client’s consent for the respective data processing is valid, unless another legal
basis for data processing exists.
20. Once the conditions referred to in point 19 no longer apply, the Client’s personal data is deleted.
Audit logs are retained for at least one year from the date of their creation.
21. The Company stores and processes the personal data submitted by a candidate for 6 (six)
calendar months after the end of the recruitment process, or for as long as the candidate’s consent
for the respective data processing is valid, unless another legal basis for data processing exists,
after which the personal data is deleted.

XI. Access to Personal Data and Other Client Rights

22. The Client has the right to receive information specified in regulatory enactments regarding the
processing of his or her data.
23. In accordance with regulatory enactments, the Client also has the right to request from the Company
access to his or her personal data, as well as to request that the Company supplement, rectify, or delete
such data, or restrict processing in relation to the Client, or to object to processing (including the
processing of personal data carried out based on the Company’s legitimate interests), as well as the right
to data portability. These rights may be exercised to the extent that the data processing does not arise
from the Company’s obligations imposed by applicable regulatory enactments and which are carried out
in the public interest.
24. The Client may submit a request to exercise his or her rights in the following ways:
24.1. in written form at the Company’s office in Mārupe (address: “Kļavulapas”, Mārupe, Mārupes
novads, LV-2167) or by using postal services;
24.2. by email, signed with a secure electronic signature and sent to the email address: datuaizsardziba@zk9.lv.
25. Upon receiving the Client’s request to exercise their rights, the Company verifies the Client’s
identity, evaluates the request, and fulfills it in accordance with regulatory enactments.
26. The Company sends its response to the Client by registered mail to the contact address
specified by the Client or by email with a secure electronic signature (if the request was submitted
with a secure electronic signature), taking into account, as far as possible, the Client’s
indicated preferred method of receiving the response.
27. The Company ensures compliance with data processing and protection requirements
in accordance with regulatory enactments and, in the event of a Client objection, undertakes
appropriate actions to resolve the objection. However, if resolution is not achieved, the Client
has the right to contact the Data State Inspectorate.
28. The Client has the right to receive one copy free of charge of their personal data being
processed by the Company.
29. The receipt and/or use of the information referred to in point 28 of this document may
be restricted to prevent adverse effects on the rights and freedoms of other persons (including
Company employees).
30. The Company undertakes to ensure the accuracy of Personal Data and relies on its clients,
suppliers, and other third parties that provide Personal Data to ensure the completeness and
accuracy of the submitted Personal Data.

XII. Client Consent to Data Processing and the Right to Withdraw It

31. The Client gives consent to the processing of personal data, where the legal basis is consent
(for example, to receive commercial communications, for the analysis of personal data, or for
receiving loyalty cards), in writing at the Company’s office, on the Company’s website and mobile
applications, or at another location where marketing activities are organized.
32. The Client has the right to withdraw their consent to data processing at any time in the same
manner in which it was given and/or in accordance with the procedure specified in point 24. In such
a case, further data processing based on the previously given consent for the specific purpose
will no longer be carried out.
33. The withdrawal of consent does not affect the lawfulness of data processing carried out while
the Client’s consent was still valid.
34. Withdrawal of consent does not terminate data processing that is carried out based on other
legal grounds.

XIII. Commercial Communications

35. Communication regarding commercial notifications about the services of the Company and/or
third parties, as well as other notifications not directly related to the provision of agreed services
(for example, customer surveys), is carried out by the Company in accordance with external
regulatory enactments or based on the Client’s consent.
36. The Client gives consent to receive commercial notifications from the Company and/or its
cooperation partners in writing at the Company’s office, on the Company’s website and mobile
applications, or at another location where the Company organizes marketing activities.
37. The Client’s consent to receive commercial communications remains valid until it is withdrawn
(including after the termination of the service agreement). The Client may unsubscribe from further
commercial communications at any time in one of the following ways:
37.1. by sending an email to: datuaizsardziba@zk9.lv;
37.2. by submitting a written request at the Company’s office;
37.3. by using the automated opt-out option provided in the commercial communication
by clicking the unsubscribe link at the end of the respective commercial message (email).
38. The Company stops sending commercial communications as soon as the Client’s request
is processed. The processing of the request depends on technical capabilities and may take
up to three calendar days.
39. By expressing an opinion in surveys and providing contact information (email, phone),
the Client agrees that the Company may contact them using the provided contact details
in relation to the Client’s submitted evaluation.

XIV. Photography and Filming

40. Clients (seminar and event attendees) are informed that in certain cases, when the
Company’s activities are featured in mass media or the Company’s informational resources
(such as the Company’s website), photographs or video recordings of event attendees
may be processed. The legal basis for such data processing is the pursuit of legitimate
interests, except where the interests or fundamental rights and freedoms of the data subject,
which require the protection of personal data, override such interests — particularly if the
data subject is a child.
41. Prior to the respective event, the Company informs participants about the planned
personal data processing in accordance with the requirements of Article 13 of the Regulation
by placing information about personal data processing in invitations and before entering
the event venue.

XV. Website Visits and Cookie Processing

42. Cookies may be used on the Company’s website:
42.1. Cookies are files placed by websites on users’ devices to recognize the user and
facilitate their use of the site. Internet browsers can be configured to notify the client
about the use of cookies and allow the client to choose whether to accept them.
Refusing cookies will not prevent the client from using the website, but it may limit the
client’s ability to use certain website features;
42.2. The Company’s websites may contain links to third-party websites, which have
their own terms of use and personal data protection rules; the Company assumes
no responsibility for the completeness of those terms and rules.

XVI. Other Provisions

43. The Company has the right to make changes and additions to the Privacy Policy
and to make it available to the Client by publishing it on the Company’s website.
44. The Company retains previous versions of the Privacy Policy, and they are
available on the website.