Privacy policy

The purpose of the privacy policy of Civinity Group of companies in Latvia is to provide you (the data subject) with information on the legal and actual circumstances of your personal data processing, namely information on the purpose, scope, protection of personal data processing, as well as other information on your personal data processing in accordance with the requirements of the General Data Protection Regulation (hereinafter – the Regulation) and other regulatory enactments regulating data protection. Please read this policy carefully, and if you have any additional questions, please contact us using the contact information provided in this policy.

We respect your privacy, so the security of your personal information is our priority. We use appropriate organisational and technical means to ensure the continued security of your personal data.


We comply with the requirements of personal data protection legislation and take care to only collect the information that is necessary to achieve the purposes set out in this policy.


Policy applies to:

  1. natural persons – recipients of services (including potential, former and current) of the Civinity group of companies in Latvia;
  2. Employees (including potential, former and current) of the Civinity group of companies in Latvia;
  3. employees of various service providers who provide services to the Civinity group of companies in Latvia;
  4. correspondence with the submitters and recipients of the Civinity group of companies in Latvia;
  5. visitors to the website managed by the Civinity group of companies in Latvia.


  1. Data Controller and Its Contact Information


The controller of personal data processing is the Civinity group of companies in Latvia

AS “Civinity Mājas”, legal address: Dēļu iela 5, Riga, LV-1004

SIA “Civinity Mājas Jūrmala”, legal address: Dzintaru prospekts 3, Jūrmala, LV-2015

SIA “CS KOMERCSERVISS”, legal address: Dēļu iela 5, Riga, LV-1004

SIA “VBS serviss”, legal address: Dēļu iela 5, Riga, LV-1004

SIA “LABO NAMU AĢENTŪRA”, legal address: Dēļu iela 5, Riga, LV-1004

SIA “Home master”, legal address: Dzintaru prospekts 3, Jūrmala, LV-2015

(hereinafter – the Company), tel. +371 8000 1599, e-mail: [email protected]


2. Purpose of Personal Data Processing


2.1 Purpose of Personal Data Processing:

2.1.1. the provision and administration of services (see more on the website in the section “Services”):

  • customer identification;
  • preparation, conclusion and execution of a contract with the customer;
  • enforcement of accounting requirements;
  • real estate management;
  • administration of accounts;
  • debt collection from debtors;
  • review of customer objections and quality control;
  • building customer loyalty, measuring satisfaction.

2.1.2. provision of information to the state administration authorities and subjects of operational activities in cases and within the scope prescribed by external regulatory enactments;

2.1.3. personnel management, including: recruitment; conclusion and performance of an employment contract; working time accounting; ensuring the calculation of salaries and the payment of salaries; enforcement of accounting requirements (execution of relevant supporting documents, business trip arrangement); provision of social benefits for employees (health insurance); recording and control of the performance of work duties;

2.1.4. fulfilment of the requirements of regulatory enactments when performing the services referred to in paragraph 2.1.1 of this Policy;

2.1.5. Implementation of the legitimate interests of the Company and its customers: improvement of services, development of new services;

2.1.6. performing record keeping functions (receiving an application/e-mail/request, registering, sending a reply, etc.;

2.1.7. processing of the received application/e-mail/request and preparation of the response;

2.1.8. maintenance and improvement of operation of the webpage;

2.1.9. quality control.

2.2 The purposes of data processing referred to in Paragraph 2.1 of the Privacy Policy are indicative and personal data may also be processed for such purposes not directly mentioned, which are closely related to the above and necessary for the fulfilment of the requirements of regulatory enactments.


  1. Legal basis for the processing of personal data


3.1. The Company processes your personal data on the basis of the following legal grounds:

3.1.1. with the consent of the data subject (Article 6 (1) (a) of the Regulation);

3.1.2. processing is necessary for the performance of a contract with the data subject (employees, customers) or for taking action at the request of the data subject prior to the conclusion of the contract (Article 6 (1) (b) of the Regulation);

3.1.3. in cases where processing is necessary in order to implement or protect the legitimate interests of the Company in court (Articles 6 (1) (f) and 9 (2) (f) of the Regulation);

3.1.4. assessment of the employee’s ability to work (Article 9 (2) (h) of the Regulation);

in cases where processing is necessary to ensure the legitimate interests of the Company (to organise the efficient provision of services, to receive payment for the services provided) (Article 6 (1) (f) of the Regulation);

3.1.5. processing is necessary for compliance with a legal obligation to which the Company is subject (Article 6 (1) (c) of the Regulation).


  1. Amount of personal data to be processed


4.1. When a data subject receives services, in accordance with the requirements of regulatory enactments, the Company is obliged to process the data subject’s identifying information and information related to the type, amount, number, etc. of the service used.

4.2. The categories of personal data processed by the Company depend on the purposes and type of data processing:


Purpose of the processing of personal data Personal data
real estate management (to ensure mandatory and other management activities specified in regulatory enactments (Article 6 (c) of the Regulation), as well as to check questionnaires and protocols submitted by apartment owners of the residential building and execute the community’s decisions, identify the client, communicate with the client or its authorised person, preparation, conclusion and proof of the conclusion of the management and residential/non-residential premises lease/rental agreement, record keeping and home maintenance, delivery of invoices, administration of accounts, provision of information to public administration institutions in cases specified in laws and regulations (Article 6 (1) (b) of Regulation) name, surname, personal identification number (other personal identification number), name, surname, personal identification number (other personal identification number) of the authorised person, bank account, data on real estate owned by a natural person (address, cadastral number, area, date of acquisition of ownership/right of use and legal basis, date of termination of ownership/right of use), declared and actual place of residence, bank account information and contact information (telephone number, e-mail address), contract number, date of registration of the contract, administration provision date, number of persons declared, volume of water consumption, electricity, heat, gas, etc., information on settlements (invoice number, date, amount, method of receipt of invoice, date of payment, amount of debt, information on debt recovery.
Recruitment All information included in the CV submitted by the candidate, as well as information obtained from persons who have provided feedback on the candidate based on his/her consent. In the case that the candidate is invited for a job interview, the information provided during the job interview, the completed tests and other testing materials.
Personnel management Employee’s name, surname, personal identification number, address, telephone number, e-mail address, position, salary, hours worked, bank account number, periods of absence due to sickness, number of children and their years of birth, work experience, information on education and qualifications, language skills, etc. information containing personal data related to personnel management and information provided on the candidate’s CV.

Employment and career history, health information (compulsory health examination data, sick-leave certificate), data on training, ethical breaches, etc.

performance of record keeping function (within the framework of receiving, processing and sending a reply/request/e-mail) Name, surname, personal identification number, address, age, gender, date of birth, e-mail address and other information that the data subject indicates/adds in his/her application.


4.3. The Company may store and process the following types of your personal data for data processing purposes:





Categories of personal data Examples
Identification data name, surname, personal identification number, date of birth, data of the identity document.
Contact Information Address, telephone, e-mail address, etc.
Customer data identifying information; contact information;

information related to the service used (frequency, type, amount, number, etc.)

Employee data identifying information; contact information; education and employment data; financial data. Compulsory health examination data, work incapacity certificate, blood donor certificate, information about disability.
Financial data bank account number, delivery notes, amount of salary or remuneration, other payment data on the Company’s service used.
Management function data applications, agreements, orders, etc.


4.4. The specific amount of information depends on the specifics of the respective service to be provided, the purpose of data processing and the applicable regulatory enactments that regulate the conditions for the provision of the service.

  1. Categories of Recipients of Personal Data


5.1. Categories of Recipients of Personal Data:

5.1.1. data subject;

5.1.2. The Company and its authorised employees;

5.1.3. IT, server, mail, archiving, marketing, security, accounting services, debt collection service providers, utility and other service providers, land lessees, tax and fee administration institutions;

5.1.4. companies of the same group;

5.1.5. notaries, bailiffs, lawyers, consultants, auditors, brokers, insurers, credit institutions;

5.1.6. law enforcement and supervisory authorities, courts and other bodies involved in dispute resolution;

5.1.7. potential or existing successors of our business or part thereof or their authorised consultants or persons;

5.1.8. authorised persons of apartment buildings, associations, unions or commercial objects.


5.2. Company’s affiliated data processors may only process your personal data on our instructions and they may not use them for other purposes or transfer them to other parties without our consent. Such individuals may include database software maintainers, database administration service providers, data centre maintenance and cloud computing service providers. In each case, we only provide data controllers with as much data as is necessary to perform a specific task or provide specific services. In addition, they must ensure the protection of your data in accordance with the requirements of applicable laws and regulations and the written agreement concluded with us, which provides, among other things, for the permanent deletion of any of your data after the performance of our task or termination of cooperation.


  1. Transfer of personal data to a third country or an international organisation, and automated decision-making


6.1. The Company does not intend to transfer personal data to third countries or international organisations.

6.2. Automated decision-making is not carried out by the Company.


  1. Rights of the Data Subject


7.1. You have the right to receive our confirmation as to whether we process your personal data, as well as:

7.1.1. the right to get acquainted with your personal data and the way in which they are processed;

7.1.2. the right to request the rectification or, taking into account the purposes of the processing of personal data, to supplement incomplete personal data;

7.1.3. the right to request the erasure of your personal data;

7.1.4. the right to request the limitation of personal data processing;

7.1.5. the right to data portability;

7.1.6. the right to submit a complaint to the Data State Inspectorate;

7.1.7. the right to withdraw consent.

7.2 In the case of withdrawal of consent, we may keep your consent and proof thereof for a longer period, if necessary, to be able to protect our rights in connection with claims against us.

7.3. If you believe that our processing of your data violates the requirements of personal data protection legislation, we kindly ask you to contact us directly.

7.4. In an effort to protect the personal data of all our data subjects from unauthorised disclosure, we will need to verify your identity upon receiving your request to provide you with your data or the exercise of your other rights. For this purpose, we may ask you to present a personal identification document, as well as, if the request is related to a person you legally represent – birth certificate, power of attorney or other proof of representation, unless the situation allows your request to be fulfilled without such verification. If you do not prove your identity and/or representation, we will reject your request.

7.5. We may refuse to process your request for the execution of your rights or to charge a fee if the request is manifestly unjustified or excessive, in particular due to its regular recurrence.

7.6. If you want to exercise your data subject’s rights or you have other questions about the processing of your personal data, please contact us using the following contact information: [email protected], tel. 80001599, Dēļu iela 5, Riga, LV-1004.

  1. Storage of personal data


9.1 The Company shall keep personal data in accordance with its case nomenclature for no longer than is necessary to achieve the relevant purpose of personal data processing.

9.2 When selecting criteria for the storage of personal data, the Company shall take into account the conditions specified below:

9.2.1. whether the time period for personal data storage is determined or arising from the laws and regulations of the Republic of Latvia and the European Union;

9.2.2. how long it is needed to store personal data in order to ensure the implementation and protection of legitimate interests of the Company or the third party;

9.2.3. until the consent of the person to process personal data is withdrawn and there is no other legal basis for data processing, for example, to comply with the obligations binding upon the Company.

9.3 Upon providing the services, the Company complies with the special laws and regulations governing its obligation to retain certain data. If you want to learn detailed information, please contact the Company by using the contact details specified above.

9.4 Records of incoming and outgoing communication (e-mail, letters by mail), to ensure compliance with the Company’s legitimate interests, will be stored for a period not exceeding 5 years, unless the relevant communication reflects an illegal act or conduct, which will potentially help the Company or third parties to ensure their legitimate interests. In this case, the document in question may be kept until the legal interest has been ensured.

9.5. If the applicant has not been hired, the Company shall destroy or delete the information obtained within the recruitment process about the applicant within 6 months from the date of the decision on the relevant personnel. If it is necessary to retain information about a candidate for possible future recruitment to other positions, your consent as a candidate to the storage of data will be obtained.

9.6. For the purposes of quality control and improvement of the provision of public services, telephone conversations shall be recorded, of which each data subject shall be informed prior to the performance. If the data subject does not consent to such data processing, there are other channels of communication with the Company. Personal data is stored for 7 days from the date of their completion.

9.7. At the end of the storage period, personal data will be permanently deleted, unless there is an obligation to store them in accordance with regulatory enactments.

9.8. Prolonged storage of your personal data specified in this Policy can only be implemented if:

  • it is necessary for us to be able to protect our rights in relation to claims or complaints;
  • there are reasonable suspicions of illegal activities, which are the subject of an investigation;
  • your data is necessary for the proper handling of a dispute or complaint.


  1. Need to Provide Personal Data


Personal data is necessary and is used for the provision of the respective services, achievement of data processing purposes and realisation of the Company’s activities, to the extent necessary, in accordance with the requirements of regulatory enactments. If personal data is not provided, the Company has no legal basis to provide the relevant service to the data subject, as well as the purposes of personal data processing will not be achieved.


  1. Changes to the privacy policy

The Company reserves the right to make changes to its Privacy Policy if certain circumstances change that affect the regulation of personal data processing. The Company recommends to visit this section regularly for up-to-date information.