JSC TRANSPORTA UN SAKARU INSTITŪTS
(hereinafter the Institute)
Reg. No. 40003458903, address: Lomonosova 1, Riga, LV-1019
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Institute shall provide
for the transparent, fair processing of personal data in compliance with the applicable laws and regulations of the Republic of Latvia.
- Purpose limitations
- Integrity and confidentiality
- Storage restrictions
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or being made available otherwise, alignment or combination, restriction, erasure or destruction. Client – a natural person (staff, students and other clients of the Institute) who uses, has used, or has expressed a wish to use any services provided by the Controller or is otherwise related to them.
Personal data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one which can be directly or indirectly identified, in particular by referring to an identifier, such as the name, surname, identification number, location data, online identifier of that person or one or more physical, physiological, genetic, mental, economic, cultural or social identity.
Data subject – an identified or identifiable natural person (data subject – staff, students and other clients of the Institute).
Legal grounds for the processing of personal data in the Institute include:
- Consent of the data subject;
- Contractual obligations with the data subject;
- Lawful (legitimate) justification – provision of study process, organising courses, seminars and other training;
- In order to protect vital interests of the data subject or another natural person – provision for security in the Institute.
Purposes of personal data processing:
- For enabling the study process;
- For establishing the employment relationship and personnel management;
- For accounting records;
- For training in various courses and seminars;
- For hosting Erasmus programmes (guest lecturers/guest students);
- For conducting scientific research;
- For statements, overviews, reports, reconciliations, surveys;
- To provide for security in the Institute.
The Controller shall transfer the Personal Data of the Client to the following recipients of Personal Data, unless this conflicts with the applicable laws and regulations:
- Persons related to the functioning of the Controller and provision of the study process on the basis of concluded cooperation agreements, including but not limited to data storage service providers, IT service providers, security companies, banks, debt collection companies, etc., if there is a justified need;
- Law enforcement authorities or other third parties, if it is deemed necessary in accordance with the applicable laws and regulations.
- The Controller may transfer Personal Data to the related cooperation partners of the Controller in the European Union, the European Economic Area and to Third Countries, subject to the requirements of the applicable laws and regulations of the Republic of Latvia, in order to provide for Erasmus mobility and study process of the Controller.
Extent, term of Personal Data processing and data storage Personal Data are processed to the extent necessary and in accordance with the defined aims (purposes) of the processing of personal data, subject to the requirements of the applicable laws and regulations of the Republic of Latvia.
The Controller shall store Personal Data within the timeframe specified in laws and regulations as well as until the moment the purposes of Personal Data processing have been attained (personal data are necessary for the purpose for which they were received) and until there is a legal justification for the storage of data.
Deadlines for the storage of personal data are set forth in the Controller’s Personal Data Processing Register.
Confidentiality and data security The Institute uses appropriate technological and organisational measures to protect
Security procedures and rules of the Controller are in compliance with the applicable external laws and regulations governing the protection of personal data.
The staff of the Controller are trained and comply with confidentiality, security and personal data protection requirements.
Access to personal data of the Clients is only provided to authorised employees of the Controller, in individual cases to cooperation partners of the Controller on a contractual basis.
The Controller will respond to any objections of the Clients regarding data processing and will take all actions to eliminate objections of the Clients, if any are received.
Data subject rights In accordance with applicable laws and regulations governing the protection of personal data, the data subjects have the following rights:
- the right to limit the processing of personal data,
- the right to withdraw consent to the processing of personal data,
- the right to access the personal data,
- the right to correct or delete personal data from the systems of the Controller, unless the Controller has a legitimate reason to continue the processing of personal data.
If the data subject notifies the Controller of the wish to exercise any of these rights, the Controller will respond to such request within one month after receipt of the request. The data subject may contact the Controller to obtain information about personal data of the data subject at the disposal of the Controller, to approve or correct them.
The data subject is entitled to request the deletion of personal data held by the Controller, unless such requirement is in conflict with the applicable laws and regulations of the Republic of Latvia.
The data subject may make corrections to the submitted personal data at any time. In such event, the Controller should be contacted by phone + (371) 67100663 or a letter should be sent to the registered address of the Controller: Riga, Lomonosova 1 K-3, LV1019, or electronic message should be sent to the e-mail address: firstname.lastname@example.org.
The data subject is entitled to file a complaint about the processing of personal data with the supervisory authority, the State Data Inspectorate, contact details: Riga, Blaumaņa iela 11/13-15, phone: 67223131, e-mail: email@example.com.