Approved by: order of the Board Nr. 9/U-18R from 23.08.2018
Controller – SIA “POLIPAKS”, unified registration No 40003283415, legal address: “Mālkalni”, Vētras, Mārupes municipality, LV-2167, telephone 67517651, e-mail: firstname.lastname@example.org. Contact details of the Company in the matters related to the processing of personal data shall be: SIA “POLIPACS”, legal address: “Mālkalni”, Vētras, Mārupes municipality, LV-2167, telephone 67517651, e-mail: email@example.com bearing note for attention of “Data protection specialist”. Contact details of the Company are available also at the website: www.polipaks.com/contacts.
The Partner may contact the Company in relation to the Personal Data processing issues, withdrawal of consent, requests, use of the rights of data subjects and complaints regarding the use of personal data.
Partner means any natural and legal person, representatives and staff thereof using, having used, or having expressed their intention to use any goods and/or services provided by the Company, or in any other way related thereto or providing or intending to provide any goods and/or services to the Company or having any other relation thereto;
Personal data means any information related to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The policy shall be attributable to the processing of data regardless of what form and/or media (in paper, electronic or telephonic format) the Partner is providing personal data and in which systems of the enterprise or paper form these are processed.
The Company shall take care of the privacy and the protection of personal data of the Partner, respecting the Partners’ rights to lawfulness of the processing of personal data in accordance with 3 the applicable legislation – the Personal Data Protection Law, Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation) and other applicable legislation in the field of privacy and data processing.
With regard to specific types (e.g. processing of cookies, etc.), media and purposes of data processing, additional specific rules may be prescribed whereof the Partner shall be informed when they provide appropriate data to the Company.
In the processing of personal data, the Company shall ensure the confidentiality of personal data and implement appropriate technical and organisational measures in order to ensure that personal data are protected against unauthorised access, illegal processing or disclosure, accidental loss, alteration or destruction.
The present Policy shall be applicable to any natural person (data subject) whose personal data are processed.
The Company may use personal data processors for the processing of personal data. In such cases, the Company shall take the necessary measures in order to ensure that such personal data processors undertake the processing of personal data in accordance with directions of the Company and in accordance with the applicable regulatory enactments and require that appropriate security measures are carried out.
The Company shall be entitled to make additions to the Policy by making its current version available to the Partners through placement at the Company website www.polipaks.com.
The Company is processing the Partner’s data by means of modern technology capabilities, taking into account the existing privacy risks and the organisational, financial and technical resources reasonably available to the Company. The Company shall ensure, continuously review and improve the protective measures in order to protect the Partner’s personal data against unauthorised access, accidental loss, disclosure or destruction.
For the provision of performance of the obligations contracted with the Partner in a high quality and in an operative manner, the Company shall authorize other enterprises, their collaboration partners, to carry out the product and materials supply services. Where in fulfilment of these tasks the collaboration partners are processing the Partner’s personal data being at disposal of the Company, the relevant collaboration partners shall be considered to be the Company data processing operators (processors) and the Company shall be entitled to transfer the Partner’s personal data required for performance of these activities to the collaboration partners, to the extent necessary for performance of the said activities. Collaboration partners of the Company (in the personal data processor status) will ensure enforcement of the personal data processing and protection requirements in accordance with requirements of the Company and legislation, and will not use personal data for other purposes, save only for fulfilment of the obligations contracted with the Partner on behalf of the Company.
The Company shall scrutinise all the partners – service providers (personal data processors) processing the Partners’ personal data for and on behalf of the Company, as well as shall evaluate whether the collaboration partners (personal data controllers) are applying appropriate security measures in order to ensure that the processing of the Partners’ personal data would take place in accordance with delegation of the Company and the requirements of regulatory enactments. Collaboration partners are prohibited from processing the Partner’s personal data for their own purposes.
The Company shall not bear responsibility for any unauthorised access to personal data and/or loss of personal data if it is not dependent on the Company, such as due to the Partner’s fault and/or negligence.The Company shall provide guarantees for confidentiality and security of the Partners’ data through undertaking appropriate technical and organisational measures, taking into consideration the reasonably available organisational, financial and technical resources, ensuring physical and 6 environmental security of the Personal Data by limiting the rights of access to the Personal Data, as far as possible by means of carrying out transfer of the Personal Data in an encrypted manner, ensuring protection of the computer network, personal devices, backup copies of the data, etc. security measures, thereby ensuring protection of the Partners’ data against illegal access, use or disclosure.
In certain cases, pursuant to the requirements of regulatory enactments, personal data of the Company shall be accessed by the Partners (within the meaning of the Regulation – transfers to third countries) located in third countries (i.e. in the countries outside the European Union and the European Economic Area).
In such cases, the Company shall ensure the procedures prescribed by regulatory enactments for ensuring the processing and the protection of personal data equivalent to that provided for in the Regulation.
The Partner shall be entitled to receive the information specified in regulatory enactments regarding the processing of their data.
The Partner shall also be entitled, in accordance with regulatory enactments, to require access to their personal data and to require the Company to perform supplement, repair or deletion thereof or restriction of the processing in respect of the Partner, or the right to object to the processing (including the processing of personal data based on lawful (legitimate) interests of the Company), as well as the right to portability of data. These rights shall be implemented in so far as the processing of data is not derived from the obligations of the Company which have been imposed thereon by the effective regulatory enactments and which is carried out in the interests of the Company.The Partner may submit a request for the exercise of their rights:
Upon receipt of the Partner’s request for the exercise of its rights, the Company shall verify the identity of the Partner, evaluate the request and execute it in accordance with regulatory enactments.
The Company shall send a reply to the Partner by post, to their specified contact address, in a registered letter or, as far as possible, taking into consideration the manner of receiving the response specified by the Partner.The Company shall ensure compliance with the data processing and protection requirements in accordance with regulatory enactments and, in the event of objection from the Partner, take useful measures in order to resolve the objection. However, if failing to do this, the Partner shall be entitled to refer to the supervisory authority – the National Data Protection Agency.
It is assumed in the Company that the Company Partners, i.e. (including existing, potential or former) customers, suppliers, partners, their representatives and/or employees, when initiating, continuing or renewing collaboration, or communication with the Company about potential, existing or former collaboration or other issues, by default agree to the processing of their personal data.
The Partner shall be entitled to withdraw their consent at any time and to refuse the processing of Personal Data. Unless a refusal is received, the Company considers that the natural person agrees with the processing of their personal data.The Partner may refuse the processing of data by referring to specific purposes for the processing of data (see paragraph 4 of the Policy) by means of:
Withdrawal of the consent shall not affect the processing of data carried out at the time when the Partner’s consent was in force.
Upon withdrawal of the consent, the processing of data carried out on the basis of other legal grounds may not be suspended.If a refusal has been received from the Partner with regard to processing of personal data, indicating the purpose/s of the processing of personal data which prevents the continuation of collaboration on the basis of lawful (legitimate) interests, conclusion and enforcement of the contract or compliance with the regulatory enactments, the Company shall be entitled to restrict or to suspend the provision of its services and even terminate collaboration.
The Company communicates with the Partner using the contact details (telephone number, e-mail address, registered address, mailing address) provided by the Partner.
Communications regarding fulfilment of the contractual obligations of services shall be carried out by the Company on the basis of contract entered into or derived from an application/order received from the Partner.The Company shall undertake interaction concerning commercial communications with regard to services of the Company and/or third-parties and other communications not directly related with rendering of the contracted services (such as customer surveys) in accordance with the provisions of the external regulatory enactments, or in accordance with the consent of the Partner. By expressing their opinion in the surveys or leaving their contact information (e-mail, telephone), the Partner agrees that the Company can communicate with them by means of the contact details provided in relation to the assessment provided by the Partner. The Partner’s consent to the receipt of commercial communications shall be valid until withdrawal thereof (also after termination of the service contract). The Partner may, at any time, refuse subsequent receipt of the commercial communications in one of the following ways (by indicating refusal from the processing of data for a particular purpose (see paragraph 4 of the Policy), which is:
Cookies shall mean a detailed information, which the website stores on the user’s computer or on a mobile device when the user visits the website. It allows the server to collect information from the user’s browser, thereby the user does not always have to re-enter the data anew when they return to the website or move from one page to another. More information about how cookies work is available from the website www.cookiecentral.com.