Open navigation
Close navigation

Privacy Policy

1. Introduction

1.1. “Elva DMS” (hereinafter referred to as the “Contractor”) deals with deployment and servicing of business IT systems, sale of licences, training of system users and stakeholders, organising and conducting business seminars (hereinafter referred to as the “Service” or the “Services”).
1.2. The Contractor has drafted this privacy policy (hereinafter referred to as the “privacy policy”) to inform about the Contractor’s data protection practices when providing services and hosting the Internet website www.elvadms.com (hereinafter referred to as the “Website”).
1.3. This privacy policy shall be binding on the Contractor and the persons whose data is processed by the Contractor, including:

on potential recipients of the Service who submit their data to the Contractor for the purposes of receiving the Services,
on the persons who receive the Services,
on the persons who visit the Website.

1.4. In addition to the provisions of this privacy policy, the Contractor and the recipient of the Services shall be bound by the data processing rules laid down in the contracts for the provision of the Services and agreements for the processing of personal data, if any. In the event of a conflict between this privacy policy and the contract for the provision of the Services and/or an agreement for the processing of personal data, the most favourable rules for the data subject shall apply. Supplements and clarifications which do not conflict with the laws and regulations referred to in paragraph 2.1 of this privacy policy shall not be considered a conflict.
1.5. The potential recipient of the Services and the recipient of the Services are obliged to obtain consent of their representatives to transfer their personal data to the Contractor, inform their representatives of the transfer of their personal data to the Contractor and the terms of this privacy policy if they submit their personal data to the Contractor.
1.6. The Contractor is entitled to amend the privacy policy rules provided that the regulatory enactments referred to in the next paragraph of the privacy policy are complied with. The Contractor shall publish a valid version of the privacy policy on the Website.

2. General rules of processing of personal data

2.1. The Contractor shall process and protect personal data in accordance with the laws and regulations in force in the Republic of Latvia, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2.2. This privacy policy shall include the main rules for the processing and protection of personal data, in addition to which the Contractor shall lay down and implement other provisions for the processing and protection of personal data which do not conflict with this privacy policy and comply with the laws and regulations laid down in the previous paragraph.
2.3. The Contractor certifies that it has taken the necessary measures to ensure the protection of personal data and to prevent access of third parties to them as far as possible. The Contractor shall control and improve data protection processes on a regular basis.
2.4. Under this privacy policy data shall mean any information, including personal data, information on the service provided by the Contractor, information on the Contracts to be entered into and concluded for the provision of the Services, the amount of payments and the payment history of the Contractor’s recipient of Services, the content of telephone calls with the representatives of the recipient of the Services, etc. Personal data processed and protected under this privacy policy shall be any information relating to an identified or identifiable natural person. The persons whose data is processed by the Contractor may also be referred to as “data subjects” in the text of this privacy policy.
2.5. Under this privacy policy “processing of personal data” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.6. The data subject has the right to request from the Contractor access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability.
2.7. The data subject has the right to submit a complaint about Contractor’s violations in the processing and protection of personal data to the supervisory authority: the Data State Inspectorate of the Republic of Latvia.

3. Purposes of acquisition, processing of personal data and legal basis for processing

3.1. The Contractor shall receive data, including personal data, in a variety of ways, including:

3.1.1. The potential recipient of the Services shall submit to the Contractor the data for entering into a contract with the Contractor for the provision of the Services, and the Contractor shall process the data for the preparation, conclusion and execution of the contract for the provision of the Services, as well as for other purposes specified in this privacy policy and the contract on provision of the Services. Where a potential recipient of the Services is a natural person, the submission of personal data shall be a prerequisite for entering into a contract for the provision of the Services; the submission of any additional data of representatives shall, in that case, be optional. Where a potential recipient of the Services is not a natural person, the submission of the name of the natural person who will sign a contract for the provision of the Services with the Contractor, as well as a power of attorney for the person concerned if the person represents the potential recipient of the Services on the basis of a power of attorney; the submission of any additional data of representatives shall, in that case, be optional.
3.1.2. The Contractor shall receive the data during the training and other events referred to in paragraph 1.1 that are organised by the Contractor, including by taking photographs and recording videos.
3.1.3. The Contractor shall receive from third parties the data necessary for the performance of contracts concluded between third parties and the data subjects concerned, that is if the Contractor provides the Services as a sub-contractor.
3.1.4. The Contractor shall receive data from publicly available registers.
3.1.5. The Contractor can receive the data using cookies on the Website placing a notice on the Website. More detailed provisions relating to the processing of those data are set out in paragraph 6 of this privacy policy.

3.2. The Contractor shall process data from potential recipients of the Services and recipients of the Services for the following purposes:

3.2.1. If the data subject has submitted data to the Contractor, thereby giving consent to the processing of personal data, the Contractor shall be entitled to process the data with a view to providing advice, preparing the Service offers and entering into a contract for the provision of the Services in order to take measures prior to the conclusion of the contract on provision of Services.
3.2.2. For the performance of a contract for the provision of Services, for communication with the recipient of the Service, for notification on changes in the Service, for the provision of technical information, for notification on software updates, for the submission of security, support and other messages.
3.2.3. For the performance of contracts concluded between third parties and the data subjects concerned, that is if the Contractor provides the Services as a sub-contractor.
3.2.4. To notify the recipient of the Services of other Contractor’s services Offers. In such a case, the legal basis for the processing of personal data shall be the consent of the recipient of the Service, which shall be deemed to be expressed when entering into a contract for the provision of Services.
3.2.5. For the preparation of Service offers, advertising of the Contractor and informing third parties about the Services, using photographs and video recordings obtained during the training and other events referred to in paragraph 1.1 that are organised by the Contractor.
3.2.6. To control the quality of the Services and to determine customer satisfaction by asking the recipient of the Services to participate in surveys on the quality of the Contractor’s services and receiving survey results. For customer service quality control and improvement of the quality of Contractor’s services phone conversations with representatives of the customer service centre may be recorded and saved.
3.2.7. For sending of greetings to the recipient of the Services at national holidays and greetings to the recipient of the Service and its representatives on their birthdays and name days. In such a case, the legal basis for the processing of personal data shall be the consent of the recipient of the Service, which shall be deemed to be expressed when entering into a contract for the provision of Services.
3.2.8. In order to fulfil the legal obligations applicable to the Contractor, if such are provided for by regulatory enactments.

3.3. If the potential recipient of the Services has submitted personal data for the purposes specified in paragraph 3.1.1 of this privacy policy, they shall be entitled to withdraw their consent to the processing of personal data before the conclusion of the contract for the provision of the Services and to withdraw from the conclusion of the contract for the provision of the Services.
3.4. If the recipient of the Services has submitted data to the Contractor prior to entering into a contract for the provision of the Services, it is not necessary to re-submit the data when entering into the contract for the provision of the Services, and the Contractor shall not be obliged to inform the data subject separately of the processing of their personal data and the change of the legal basis.

4. Categories of recipients of data

4.1. The employees of the Contractor are entitled to process personal data in accordance with their duties. The Contractor is required to inform the employees who process the data of the recipients of the Service of the terms of this privacy policy.
4.2. Data of potential recipients of the Service who submit the data to the Contractor for the purposes of receiving the Services and data of recipients of the Service may be transferred to third parties for the following purposes:

4.2.1. The data of the potential recipient of the Service may be transferred to the relevant outsourcer (for example, the issuer of software licenses) with a view to obtaining a specific service offer and to processing the application of the potential recipient of the Services prior to the conclusion of a contract for the provision of the Services.
4.2.2. The data of the recipient of the Service may be transferred to outsourcers for the performance of a contract for the provision of the Services, including for the processing of applications of the recipient of the Service, for example, for the processing of an application for changes in the Service, providing of software licenses, executing of programming jobs, processing of damage applications, preventing of damages, etc.
4.2.3. Other cooperation partners of the Contractor for the performance and management of the contract for the provision of the Services, including administration, record-keeping, accounting and legal service providers, etc.
4.2.4. Making available to third parties photographs and video recordings obtained during the training and other events referred to in paragraph 1.1 that are organised by the Contractor with a view to advertising the Contractor and informing of the Services.
4.2.5. To debt recovery service providers and for filing to court if the recipient of the Services fails to make payments in good time. The Contractor has the right to transfer to third parties the data of the recipient of the Service for the purpose of recovering the debt, including the establishment of a database of the debt history.
4.2.6. Data may be transferred to third parties in cases provided for by law for the purposes of performance of duties imposed by regulatory enactments.

5. Time period for which personal data are stored

5.1. Personal data in the case referred to in paragraph 3.2.1 of this privacy policy shall be kept for a maximum of 1 (one) month for the purposes of concluding a contract for the provision of the Services. If a contract for the provision of the Services has not been concluded within that time period for any reason, but the data subject subsequently contacts the Contractor with a repeated offer to enter into a contract for the receipt of the Services, personal data should be resubmitted to the Contractor. Where a contract for the provision of the Services is concluded within that time period, the Contractor shall continue to store the personal data in accordance with the next paragraph of this privacy policy.
5.2. For the purposes specified in paragraph 3.2.2 of this privacy policy personal data shall be stored during the period of validity of the contract for the provision of the Services and in addition for a period not exceeding 10 (ten) years after termination of the contract with a view to ensuring preservation of documents certifying and supporting earlier transactions, the fulfilment of guarantee obligations and the recovery of any potential debt.
5.3. In the case referred to in paragraph 3.2.3 of this privacy policy, it is not possible to specify an exact period of storage of the data, but the Contractor shall be entitled to process personal data for a period not exceeding the performance of the duties of the Contractor in accordance with a contract for the provision of the Services concluded between the Contractor and the third party.
5.4. The period of storage of personal data for the purposes specified in paragraphs 3.2.4 to 3.2.6 of this privacy policy shall be the period of validity of the relevant contract for the provision of the Services.
5.5. The period of storage of personal data for the purposes specified in paragraph 3.2.7 of this privacy policy shall be determined in accordance with the regulatory enactments in accordance with which the Contractor is subject to the specified legal obligation.
5.6. In other cases, the period of storage of personal data shall be determined without exceeding the time period specified in regulatory enactments, if such is specified.

6. Special provisions relating to the use of the Website

6.1. The Contractor can receive the data using cookies on the Website placing a notice on the Website. The legal basis for such data processing shall be consent of the data subject, which shall be deemed to have been provided if the data subject continues to use the Website after a warning on the use of cookies has been displayed on the Website.
6.2. The Contractor shall ensure the processing and protection of personal data of Website visitors in conformity with the regulatory enactments specified in paragraph 2.1 of this privacy policy.
6.3. With a view to providing services and evaluating the need to improve the Website, the Contractor has the right to process information about Website visitors which are included in Website access files, such as IP address, type of network browser used, previous Website page from which the visitor has reached the Website, the Internet service provider, the time of the visit, Website sections, etc.
6.4. In line with the capabilities of the technologies used, cookies may be disabled, but this is not recommended, as this may result in fewer or denied Website usage rights.
6.5. The Website is the property of the Contractor. Any text, images, diagrams, sound files, animation files, video files, and their arrangement on the Website are objects of copyright and other intellectual property rights. These objects may neither be copied for commercial purposes or for distribution, nor modified or placed on other Websites. When republishing materials, a written permission of the Contractor is required. When quoted, a reference to the source is mandatory.
6.6. The Contractor shall not assume responsibility for other Websites, to which links from the Website lead.

7. Communication with Elva DMS SIA

If you have any questions related to the processing of personal data, you can contact the Contractor using the following contact information:
Elva DMS SIA
46 Robezu Street, Riga, Latvia, LV-1004
help@elvadms.com
+371 67065115