Published: 17.09.2020.

General Privacy Policy of the Single Website Platform

Your privacy and data protection is very important to the webmaster of the Single Website Platform. We assume that if you are reading this Policy in connection with the consent required of you in connection with the processing of your personal data, you have read this statement and agreed to the processing of your personal data before submitting your personal data.

Public administration is committed to openness and transparency, so by providing us with your personal data, we have described how personal data is processed on the Single Website Platform and for what purposes. Before processing personal data, we evaluate the lawfulness of the data processing activity. We process personal data on the basis of official authority and legal obligations applicable to it.

The purpose of the privacy policy of the Single Website Platform is to comply with the principles of personal data processing contained in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter - GDPR), to provide general information regarding the processing of personal data organised and performed by the State Chancellery.

The personal data controller of the Single Website Platform shall be the State Chancellery (SC). The personal data processors of the Website Platform shall be the institutions of the websites included on the platform, the maintainers of the platform - the State Regional Development Agency (SRDA), the hosts on technical resources - the Information Centre of the Ministry of the Interior (ICMI) and the technical service providers - Latvian State Radio and Television Centre (LSRTC).

Your personal data on the Single Website Platform shall be processed in accordance with the implementation of the legal interests of public administration institutions, for the fulfilment of obligations specified in the laws and regulations, fulfilment of contractual obligations, provision of public information, as well as other previously provided purposes.

The legal basis for the processing of personal data performed within the framework of the services managed by the Single Website Platform shall be determined by the following laws and regulations:

Employees of the parties involved in the operation of the Single Website Platform shall only process personal data for the performance of their official duties or on behalf of or under the instruction of the authorities, in compliance with the basic principles of personal data processing and confidentiality requirements set out in the institution's internal documents.

An employee shall be prohibited to process personal data obtained within the framework of the performance of official duties for his or her own or other persons' personal purposes. By processing personal data in the course of their official duties, processors of personal data shall, as far as possible, reduce the risk of personal data coming into the possession of unauthorised persons as a result of actions or omissions.

On the Single Website Platform, your personal data shall be processed in accordance with the requirements of confidentiality and taking care of the security of the data we hold. The processors of personal data on the Single Website Platform shall take various security measures to prevent unauthorised access to your data, disclosure of data or use of other inappropriate personal data. Proper data information processing, storage, data integrity shall be ensured with an appropriate level of security. Accordingly, we use proportionate and appropriate physical, technical and administrative procedures and means to protect the personal data we collect and process. The implemented security measures shall constantly be improved in accordance with the security requirements, subject to appropriate data protection safeguards and to the extent necessary for the purposes of the processing.

We carry out personal data protection with data encryption tools, firewall protection, as well as other data network security breach detection solutions. The data controllers of the Single Website Platform shall ensure the confidentiality of the data and take appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing, disclosure, accidental loss, distribution or destruction, subject to appropriate data protection safeguards and to the extent necessary for the Data processing purposes. Personal data security measures shall constantly be improved and refined in order not to lower the level of personal data protection.

Protection of personal data processing shall be performed:

  • in the information technology infrastructure (servers, local computer networks and application software) for the personal data processed;
  • for personal data transported in the data transmission network, if any;
  • in the information systems used for the provision of work, which are administered by the institutions involved in the Single Website Platform;
  • for electronic documents developed, registered and in circulation, containing personal data.

You may withdraw your consent (if requested from you and you have given it) to the collection, processing and use of your personal data at any time. The personal data controller of the Single Website Platform shall assess your claims based on his/her legal interests. If personal data are no longer needed for pre-defined processing purposes, it shall be deleted.

The administrator of the Single Website Platform shall be responsible and processes personal data by means that must prevent the misuse, unauthorised disclosure, alteration of personal data.

In order to improve the communication of public administration institutions, the personal data controller shall monitor the received personal data. This data in an aggregated form can be used to create overview reports that can be disseminated to the public administration in Latvia. Messages shall be anonymised and not contain any personal data.

The Single Website Platform shall contain access data of the registered and public users, usernames, information selection parameters, traffic information, and Internet Protocol (IP) access address information. Single Website Platform shall use cookies to provide information about visitor activity, pageviews, sources, and time spent on the site. We collect this information to improve the convenience and interests of website visitors to ensure that you receive the best possible service. The processing of personal data shall be carried out as little as possible, only to achieve the purpose of the processing.

We only store your personal data on websites for as long as it is necessary for the purposes for which it was collected. The processors of the personal data of the Single Website Platform who have access to this data are trained to handle it properly and in accordance with the regulatory data security framework.

Personal data shall be stored for as long as there is a legal obligation to store personal data. At the end of the data retention period, the data shall be securely deleted or depersonalised so that it can no longer be linked to the data subject.

Personal data held by the Single Website Platform shall be considered as restricted information and shall only be disclosed to third parties in the cases, in accordance with the procedure and to the extent specified in laws and regulations or concluded agreements. When transferring personal data to the contractual partners of the Single Website Platform (independent controllers), additional provisions regarding the processing of personal data shall be included in the agreements.

Links to other sites with different terms of use and personal data protection rules shall be included on websites.

The institutions involved in the implementation and cooperation of the website platform shall cooperate with each other on the basis of the adopted regulations. If you have any questions or complaints regarding the processing and protection of personal data, report it to the State Chancellery by writing to the e-mail vk@mk.gov.lv, where the information submitted by you will be registered and evaluated, or contact the responsible person for data processing appointed by the State Chancellery. The responsible personal data controller shall be Aldis Apsītis (e-mail address: aldis.apsitis@mk.gov.lv. Data subjects may submit complaints regarding the use of personal data to the Data State Inspectorate (www.dvi.gov.lv ), if the subject considers that the processing of his or her personal data violates his or her rights and freedoms in accordance with the applicable laws and regulations.

The Single Website Platform uses cookies, by warning the website users and visitors thereof.

The Single Website Platform uses cookies to comply with the obligation specified in Clause 23 of the Cabinet Regulation of 4 July 2017 No. 399 “Procedures for the Accounting and Provision of Quality Control of Public Administration Services”, as well in Section 10 of the Public Administration Structure Law to obtain attendance and usage statistics in order to improve your convenience of use of the Single Website Platform. We ensure that you can read the Cookie Policy and make a choice on whether to give your consent to the collection of statistics.

Cookies are small text files, sent to your computer’s memory when visiting a website. During each next visit cookies are sent back to the website of origin or to any other website recognising the cookies. Cookies operate as memory of the particular website, enabling the site to remember your computer during next visits, including that cookies may remember your settings or improve user convenience.

The cookies used can be divided into technologically necessary cookies, without which the performance of the service is technologically impossible or significantly difficult, and analytically statistical cookies.

By using the website, you agree that the analytical statistical cookies placed on this website are used for the purpose of improving the quality of services in compliance with the principles of public administration described in Section 10 of the Public Administration Structure Law that public administration is organised in a way that is as convenient as possible and accessible to an individual, as well as an the obligation of the public administration to improve the quality of services provided to the public, to simplify and improve procedures for the benefit of natural persons.

The website uses the following cookies:

  1. Required:
  • SESSdb34877a4022e0a5c40d60cffaeb5307 This cookie is only required for content administrators for authentication.
  • maintenance_message - This cookie is required for all users to prevent the content or platform administrator's notifications from reappearing (those which the content user has read and clicked the "Close" button).
  • allowCookies - This cookie determines whether you have agreed to the terms of use of cookies and whether to display a statement about the use of cookies in the future.
  1. Statistics:

This webpage uses the application “Google Analytics” made by the company Google Inc., using cookies that are stored on your computer to enable analysis of how you use the relevant webpage. The information established by the cookies about how you use the webpage is sent to the Google server in the USA and stored there. Your IP address, when applying IP anonymisation, is shortened within the territory of the European Union or the European Economic Area and may only be delivered for processing to Google servers located in the USA in exceptional cases. Google uses the information in order to assess how you use the particular webpage, in order to prepare reports for webpage providers about activities on the relevant webpages and to provide other services related to the use of webpages and the internet. Google shall never link the IP address received here with any other information being at the disposal of Google. In case of need, Google provides this information to third parties, if it is stipulated in the law or if third persons perform the processing of such data on the assignment of Google.

  • _ga, _gat, _gid - These three cookies are required for all users to allow traffic data to be passed to the google analytics statistics collection tool.

If you do not accept the use of statistics cookies, traffic data will not be included in google analytics statistics.

 

  1. Social media:
  • _cfduid - This cookie is required for all users to share a content item on their social networks.

You may object to the creation, storage and processing of such statistics by manually disabling the use of the cookie handling mechanism in your browser at any time.

You can change or delete your cookie settings in your web browser settings. We add links to cookie management information resources for the most popular browsers:

More information on how to control cookies according to your device's browser can be found at: www.aboutcookies.org.

The purpose of the Privacy Policy is to provide a natural person with information about the purposes for which the Internal Security Bureau (hereinafter – the Bureau) obtains personal data, the scope of the data and the duration of data processing, data protection measures, as well as to inform individuals about their rights and obligations and to provide other information in accordance with the requirements of regulatory enactments in the field of personal data processing and protection.

1. Identity and Contact Details of the Controller

Personal Data Controller
Internal Security Bureau
K. Valdemāra Street 1A, Riga, LV-1010
Registration No.: 90010643967
Telephone: +371 67209000
Email: pasts@idb.gov.lv
Website: www.idb.gov.lv

Contact details of the Data Protection Officer:
personasdati@idb.gov.lv

2. General Information

2.1. When processing personal data, the Bureau complies with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), the Law “On the Processing of Personal Data in Criminal Proceedings and Administrative Offence Proceedings”, as well as other regulatory enactments in the field of privacy and personal data processing.

2.2. The maintenance of the Bureau’s information and communication technology technical resources and the administration of information systems involve the Information Centre of the Ministry of the Interior, whose tasks and competence are determined by regulatory enactments, including the Regulations of the Information Centre of the Ministry of the Interior, and further specified in cooperation agreements and service-level agreements.

2.3. This Privacy Policy applies to any natural person whose personal data is processed by the Bureau, regardless of the form or environment in which the individual provides personal data.

2.4. When processing personal data, the Bureau:

  • informs and explains which personal data are required and how they will be used;
  • implements measures for training and informing its employees on personal data protection issues;
  • protects personal data by implementing administrative, technical, and physical security measures, assessing risks and proportionality;
  • transfers personal data to third parties in compliance with applicable regulatory enactments governing the processing of personal data;
  • implements internal control procedures aimed at reducing the likelihood and consequences of security incidents.

3. Categories of Personal Data

3.1. Personal data are processed when received directly from a natural person as well as from external data sources — information systems, registers, video surveillance equipment, and other information sources — in accordance with procedures established by regulatory enactments.

3.2. The Bureau processes the following categories of personal data:

  • identification data (name, surname, personal identity number, date of birth, data from identity documents, signature);
  • contact information (actual and declared address, telephone number, email address);
  • professional data;
  • data relating to service or employment relationships;
  • financial data (e.g., bank account number);
  • video recordings, photographs, and voice recordings;
  • data submitted to the Bureau by the individual;
  • other personal data in accordance with the requirements of regulatory enactments.

4. Purposes and Legal Basis for Personal Data Processing

4.1. The Bureau processes personal data only where an appropriate legal basis exists, as determined by regulatory enactments establishing the Bureau’s functions and tasks or the fulfilment of legal obligations applicable to the Bureau.

4.2. Personal data processing is carried out according to the purposes defined by the Bureau and only in accordance with those purposes. When performing the functions and tasks laid down in regulatory enactments, the Bureau processes personal data for the following purposes:

4.2.1. Personnel Management

Applicants for vacant positions at the Bureau are provided with information on personal data processing carried out for the recruitment process. This information is included in the vacancy announcement.

Legal basis for processing:
The Labour Law, the Law on the Service Course of Officials with Special Service Ranks in Institutions of the Ministry of the Interior System and the Prison Administration, the Internal Security Bureau Law, the State Administration Structure Law, the State Civil Service Law, the Archives Law, the Disciplinary Liability Law for Officials with Special Service Ranks of the Ministry of the Interior System and the Prison Administration, the Law “On Prevention of Conflict of Interest in Activities of Public Officials”, other legal acts of the Republic of Latvia, as well as internal regulations of the Ministry of the Interior and the Bureau.

4.2.2. Accounting and Financial Management

Legal basis for processing:
The Labour Law, the Accounting Law, the Law on Budget and Financial Management, the Law on the Service Course of Officials with Special Service Ranks in Institutions of the Ministry of the Interior System and the Prison Administration, the Internal Security Bureau Law, the State Administration Structure Law, the Archives Law, the Law “On Accounting”, the Remuneration Law for Officials and Employees of State and Local Government Authorities, Cabinet Regulation No. 877 of 21 December 2021 “Accounting Procedures Regulations”, and other legal acts of the Republic of Latvia as well as internal regulations of the Ministry of the Interior and the Bureau.

4.2.3. Document Management and Records Administration

Legal basis for processing:
Article 12 of the Regulation, the Law “On the Processing of Personal Data in Criminal Proceedings and Administrative Offence Proceedings”, the Freedom of Information Law, the Law on Submissions, the Notification Law, the Official Electronic Address Law, the Archives Law, the Electronic Documents Law, and other regulatory enactments governing document circulation, management, and record-keeping.

4.2.4. Ensuring Access Control Systems

Access control for Bureau employees and visitors within Bureau premises is implemented to prevent or detect criminal offences related to property protection and to protect the vital interests of persons, including life and health.

Legal basis for processing:
The Internal Security Bureau Law, the Operational Activities Law, Cabinet Regulation No. 822 of 19 December 2023 “Regulations on the Protection of State Secrets, Classified Information of NATO, the European Union and Foreign Institutions”, and other internal regulatory requirements of the Bureau.

4.2.5. Ensuring Access Rights and Functionality to the Bureau’s Computer Networks and Information Systems

Legal basis for processing:
The Internal Security Bureau Law, Cabinet Regulation No. 442 of 28 July 2015 “Procedure for Ensuring Information and Communication Technology Systems Compliance with Minimum Security Requirements”, and other internal regulatory requirements of the Bureau.

4.2.6. Video Surveillance and Photography

Video surveillance and photography are carried out using stationary and mobile devices. These activities are also performed to ensure the legitimate interests of the Bureau or third parties, including for security and control purposes.

The Bureau may record video using individual body cameras and vehicle video recorders in order to provide objective documentation of conflict situations, prevent potential corruption risks, and facilitate evidence collection in road traffic accidents (including for insurance purposes) or other incidents.

The Bureau may also carry out photography or filming during public events to publish video materials and photographs on the Bureau’s social media platforms, website, intranet, and in mass media, to promote the Bureau’s recognition and to inform the public about its activities and current developments.

Legal basis for processing:
The Internal Security Bureau Law, the Law “On the Processing of Personal Data in Criminal Proceedings and Administrative Offence Proceedings”, the Criminal Procedure Law, the Operational Activities Law, Cabinet Regulation No. 304 of 31 August 1999 “On Operational Transport Vehicles”, and other legal acts of the Republic of Latvia as well as internal regulations of the Ministry of the Interior and the Bureau.

4.2.7. Ensuring Procedural and Operational Activities

Legal basis for processing:
The Internal Security Bureau Law, the Law “On the Processing of Personal Data in Criminal Proceedings and Administrative Offence Proceedings”, the Criminal Procedure Law, the Operational Activities Law, and other legal acts of the Republic of Latvia as well as internal regulations of the Ministry of the Interior and the Bureau.

4.2.8. Management of the Trust Hotline

Voice recordings are made of messages left by individuals on the telephone answering system.

Legal basis for processing:
The Internal Security Bureau Law, the Law “On the Processing of Personal Data in Criminal Proceedings and Administrative Offence Proceedings”, the Criminal Procedure Law, the Operational Activities Law, and other legal acts of the Republic of Latvia as well as internal regulations of the Ministry of the Interior and the Bureau.

5. Possible Recipients of Personal Data

5.1. Personal data are processed within the European Union / European Economic Area (EU/EEA).

5.2. Personal data are not transferred outside the EU/EEA.

5.3. Automated decision-making is not carried out.

5.4. The Bureau may transfer personal data to third parties in the following cases:

  • to persons specified in external regulatory enactments upon a justified request, in the prescribed manner and scope;
  • in cases provided for by external regulatory enactments for the protection of the legitimate interests of the Bureau or third parties;
  • with the consent of the individual.

6. Personal Data Retention Period

6.1. Personal data are stored in accordance with regulatory enactments and no longer than necessary for the purpose of processing personal data.

6.2. According to the Bureau’s records classification system, personal data may have different retention periods.

6.3. When the conditions determining that further storage of personal data is no longer necessary occur, the personal data are deleted.

7. Rights of the Data Subject

7.1. The Bureau ensures the data subject’s right to receive information specified in applicable regulatory enactments regarding the processing of their data.

7.2. The data subject has the right to:

  • request access to their personal data;
  • request the completion, correction, or deletion of their data;
  • request restriction of processing concerning the data subject;
  • object to the processing of personal data;
  • request data portability.

7.3. The above rights may be exercised insofar as the processing of personal data does not arise from the Bureau’s obligations under applicable regulatory enactments.

7.4. To exercise their rights, the data subject may submit an application to the Bureau or contact the Bureau in person.

7.5. Upon receiving a request from a data subject to exercise their rights, the Bureau verifies the identity of the data subject, assesses the information provided in the request, and fulfils it in accordance with applicable regulatory enactments.

7.6. In the event of objections by the data subject, the Bureau ensures compliance with personal data processing and protection requirements in accordance with applicable regulatory enactments in order to resolve the objection as quickly and effectively as possible.

7.7. If the data subject believes that the Bureau has not adequately protected their personal data, the data subject has the right to lodge a complaint with the Data State Inspectorate.

8. Other Matters

8.1. For transparency purposes, privacy policies relating to specific purposes of personal data processing may be published separately.

8.2. If the circumstances of personal data processing or regulatory enactments change, amendments may be made to the Privacy Policy by supplementing or clarifying it.

8.3. The Bureau reserves the right to amend the Privacy Policy by publishing the updated version on the Bureau’s website.