1.1. Personal data controller is the Association “Rīgas Ebreju kopiena”, Reg. No. 40008000511, legal address: 6 Skolas Street, Riga, LV-1010 (hereinafter – the Association). You may contact us in the matters on personal data processing by e-mail: firstname.lastname@example.org or by writing to our legal address.
2. Purposes and Legal Grounds for Personal Data Processing
2.1. The Association may process personal data for the following purposes:
2.1.1. fulfilment of the agreements signed by the Association;
2.1.2. fulfilment of legal and contractual obligations;
2.1.3. advertising of the services provided by the Association;
2.1.4. processing of the member applications, identification, admission and exclusion of members;
2.1.5. administration of payments, debt collection and recovery. The purpose pertains to the activities performed within the scope of settlements with a person,
2.1.6. creation and maintaining of the member register;
2.1.7. identification of employees, clients, partners and other data subjects;
2.1.8. accounting/finance and tax administration. The purpose pertains to accounting, paying of taxes, settlements, etc.
2.1.9. designing, development and implementation of events/programs/projects;
2.1.10. identification and servicing of service recipients;
2.1.11. raising of donations and receipt of funding;
2.1.12. review of objections, complaints, suggestions, notices and other applications;
2.1.13. maintaining communication with the members, clients, partners, service recipients of the Association or other data subjects;
2.1.14. maintaining and analysing statistical data;
2.1.15. for purposes of scientific and historical research;
2.1.16. maintaining and improvement of operation of the Association’s website;
2.1.17. protection of legitimate interests;
2.1.18. fulfilment of binding laws and regulations;
2.1.19. for archiving purposes;
2.1.20. for other purposes if the data subject has been advised thereof.
2.2. In any of the above situations, the Association shall process the personal data only to the extent allowed by the specific processing purpose.
2.3. Legal Grounds for the processing of personal data:
2.3.1. requirements of the laws and regulations;
2.3.2. contractual relations;
2.3.3. consent of the data subject;
2.3.4. legitimate interests of the Association.
2.4. The legitimate interests of the Association:
2.4.1. to carry out activity of the Association;
2.4.2. ensure fulfilment of the obligations associated with the agreements signed by the Association;
2.4.3. ensure efficient management processes of the Association;
2.4.4. advertise activity of the Association and inform society regarding activity of the Association;
2.4.5. turn to the state, local government and law enforcement authorities for the protection of its legitimate interests;
2.4.6. ensure fulfilment of obligations of the Association, its members, employees, partners and clients;
2.4.7. ensure safety of the employees and visitors of the Association, including elimination of threats and crimes;
2.4.8. carry out security measures to protect the Association’s property and rights.
3. How the Association Acquires Personal Data
3.1. Information acquired by the Association on the data subject depends on the content of the transaction. Data is mostly acquired from the data subject.
4. Video Surveillance
4.1. Video surveillance and recording takes place on the premises of the Association, structural units and adjacent territory. Purpose of the video surveillance:
4.1.1. to protect health and life of the employees, visitors and other persons;
4.1.2. protect property of the Association;
4.1.3. eliminate and detect crimes and violation of law.
4.2. Video surveillance shall not mean automatic identification of the person. We shall use the video recording only to reach the indicated goals.
4.3. We shall keep the video recording for a period of up to 3 months. If the recording is necessary as an evidence in the civil, administrative, criminal proceedings or in the scope of any other legal proceedings, we shall exercise the right to keep the recording as long as necessary.
5. Personal Data Categories
5.1. Personal data categories mostly processed by the Association but not only shall be:
5.1.1. Identification data: name, surname, personal identification number, date of birth (document data in some individual situations);
5.1.2. Contact information: address, e-mail, phone number;
5.1.3. Professional data: education, position, work place;
5.1.4. Special category personal data: ethnicity, religious and/or philosophical affiliation, health data;
5.1.5. Data on personal income;
5.1.6. Additional information on personal biography;
5.1.7. Data acquired by fulfilling obligations prescribed in the laws and regulations;
5.1.8. Data on participation in the programs, events and projects organised by the Association;
5.1.9. Data acquired as a result of video surveillance.
6. Transfer of Personal Data
6.1. In order to fulfil our legal obligations, we can transfer your personal data to law enforcement authorities, as well as to the state and local government institutions in the situations specified in the laws and regulations.
6.2. The Association may transfer personal data to the outsourced service providers for an adequate fulfilment of its existing obligations and in its legitimate interests to the extent necessary for the performance of these activities. Cooperation partners of the Association may process personal data only in accordance with the controller’s instructions and shall not use the personal data for any other purposes than for the fulfilment of obligations of the signed agreements based on the Association’s assignment. These companies are required to provide appropriate degree of personal data protection.
6.3. For the implementation of individual programs, projects and measures in the situations when the Association has legal grounds for it, personal data of the data subject may be transferred outside the EU/EEA for a purpose of fulfilling contractual relations, raising funding, providing assistance to the data subject.
6.4. The Association shall provide, independently review and improve the protective measures, as well as apply modern technologies to protect personal data of its employees and clients. The Association shall protect personal data with physical and logical means of protection to ensure that data is adequately protected in each stage of data processing.
7. Storage Period
7.1. Personal data shall be processed as long as it is necessary for the purpose of personal data processing. The storage period shall be justified by the agreement, legitimate interests of the Association, applicable laws and regulations or while the consent of the data subject for data processing is in force, unless any other legitimate grounds exist for the personal data processing.
7.2. Data shall be destroyed upon the expiration of the data storage period.
8. Adoption of Automated Decisions
8.1. The Association shall not adopt automated decisions.
9. Rights and Obligations of the Data Subject
9.1. The data subject may:
9.1.1. receive the information prescribed in the laws and regulations on its personal data processing in the Association;
9.1.2. request access to its data;
9.1.3. if the information on data subject is incorrect or incomplete, the subject may provide the Association with updated information and request its correction;
9.1.4. withdraw consent;
9.1.5. in individual situations, object to data processing, restrict data processing, ask to delete data.
9.2. You may exercise your rights only based on a written application (including the application signed with a safe electronic signature). We shall provide an answer pursuant to the deadline prescribed in the laws and regulations.
9.3. The Association shall review a complaint of data subjects pursuant to the requirements of the laws and regulations. If a solution may not be found, you may address this matter with the Data State Inspectorate.
9.5. The data subject is obliged to:
9.5.1. provide the Association with up-to-date information on changes to its personal data in reasonable time;