We respect your privacy, therefore the security of your personal data is our priority. We use appropriate organizational and technical means to ensure permanent security of your personal data.
We comply with the requirements of personal data protection laws and in every data processing process, we take care to collect only the information that is necessary to achieve the purposes set out in this policy.
The policy covers:
1. for natural persons – service recipients of Civinity group companies in Latvia (including potential, former and current);
2. For employees of Civinity group companies in Latvia (including potential, former and current employees);
3. to employees of various service providers who provide services to Civinity group companies in Latvia;
4. submitters and recipients of correspondence with Civinity group companies in Latvia;
5. For visitors of the website managed by Civinity group companies in Latvia.
1. Manager and its contact information
The controller of personal data processing is the companies of the Civinity group in Latvia:
AS “Civinity Mājas”, legal address: Dēļu iela 5, Riga, LV-1004
SIA “Civinity Mājas Jūrmala”, legal address: Dubultu prospekts 3, Jūrmala,
SIA “Civinity Solutions”, legal address: Dēļu iela 5, Riga, LV-1004
SIA “Civinity engineering LV”, legal address: Dēļu iela 5, Riga, LV-1004
(hereinafter – the Company), tel. +371 8000 1599, e-mail: [email protected]
2. Purposes of personal data processing
2.1. The purposes of personal data processing are:
2.1.1. for the provision and administration of services (see more on the website https://civinity.lv/ in the “Services” section):
• for customer identification;
• for the preparation, conclusion and execution of contracts with clients;
• to fulfill accounting requirements;
• for real estate management;
• for providing engineering solutions;
• for settlement administration;
• debt collection from debtors;
• for consideration of customer objections and quality control;
• for promotion of customer loyalty, satisfaction measurements.
2.1.2. for the provision of information to state administrative institutions and subjects of operational activity in the cases and to the extent specified in external regulatory acts;
2.1.3. personnel management, including: personnel selection; concluding and executing an employment contract; accounting of working hours; ensuring the calculation of wages and the execution of wages; fulfillment of accounting requirements (designation of relevant excuse documents, design of business trip); provision of social benefits for employees (health insurance); recording and control of performance of work duties;
2.1.4. fulfilling the requirements of regulatory acts by implementing policy 2.1.1. the provision of the services referred to in point;
2.1.5. Implementation of the legitimate interests of the company and its customers: improvement of services, development of new services;
2.1.6. performing clerical functions (receiving, registering submissions/e-mails/requests, sending replies, etc.;
2.1.7. processing of the received application / e-mail / request and preparation of the response.
2.1.8. for website maintenance and performance improvement;
2.1.9. Quality control.
3. Legal basis for personal data processing
3.1. The company processes your personal data based on the following legal bases:
3.1.1. with the data subject’s consent (Article 6, paragraph 1, subparagraph a) of the Regulation);
3.1.2. the processing is necessary for the performance of a contract with the data subject (employee, customer) or for taking measures at the request of the data subject before concluding the contract (Article 6, paragraph 1, subparagraph b) of the Regulation);
3.1.3. in cases where the processing is necessary to exercise or defend the Company’s legal interests in court (Article 6(1)(f) and Article 9(2)(f) of the Regulation);
3.1.4. for the assessment of the employee’s work capacity (Article 9, paragraph 2, subparagraph h) of the Regulation);
in cases where the processing is necessary to ensure the legitimate interests of the Company (to organize an effective service provision process, to receive payment for the services provided) (Article 6, Clause 1, subparagraph f) of the Regulation);
3.1.5. the processing is necessary to fulfill a legal obligation attributable to the Company (Article 6, paragraph 1, subparagraph c) of the Regulation).
4. Amount of personal data to be processed
4.1. When the data subject receives services, in accordance with the requirements of regulatory acts, the Company is obliged to process the data subject’s identifying information and information related to the type, amount, number, etc. of the service used.
4.2. The categories of personal data processed by the Company depend on the purpose and type of data processing:
|Purpose of personal data processing||Personal data|
|Real estate management (to ensure the mandatory and other management activities specified in the regulatory acts (Article 6, subparagraph c) of the Regulation), as well as for checking questionnaires and protocols submitted by apartment owners of residential buildings and for the execution of community decisions, identifying the client, communicating with the client or its authorized persons, management and residential/non-residential premises rental/lease agreement preparation, conclusion and proof of the fact of conclusion, record keeping and household affairs, delivery of invoices, administration of settlements, provision of information to state administrative authorities in the cases specified in regulatory acts (Article 6, Clause 1 of the Regulation subparagraph (b)||name, surname, personal identification number (other personal identification number), authorized person’s name, surname, personal identification number (other personal identification number), bank account, data on real estate owned by a natural person (address, cadastral number, area, ownership/use rights date of acquisition and legal basis, date of termination of property rights/rights of use), declared and actual residential address, bank account information and contact information (telephone number, electronic address), contract number, contract registration date, time of performance of management activities, person declared as owner number, water, electricity, thermal energy, gas, etc. amount of consumption, information on settlements (invoice number, date, amount, method of receipt of the invoice, date of payment, amount of debt, information on debt recovery/collection.|
|Personnel selection||All information included in the CV submitted by the candidate, as well as information obtained from persons who have provided feedback on the candidate based on their consent. In case the candidate is invited to a job interview, the information provided during the job interview, completed tests and other tests.|
|Human Resource Management||Name, surname, personal identification number, address, telephone number, e-mail address, position, salary, hours worked, bank account number, periods of sick leave, number of children and their birth years, work experience, information on education and qualifications, language skills, etc. information containing personal data related to personnel management and information provided in the candidate’s CV.
Employment and career history, information on health (mandatory health examination data, disability sheets), on training, on ethical violations, etc.
|Carrying out the clerical function (as part of receiving, processing and sending a response to a submission / request / e-mail)||Name, surname, personal identification number, address, age, gender, date of birth, e-mail address and other information that the data subject indicates/adds in his/her application.|
|For providing engineering solutions||Name, surname, address, telephone, e-mail, representative, position, owned or owned equipment/engineering networks, property address|
4.3. The Company, implementing the purposes of data processing, may store and process the following types of your personal data:
|Categories of personal data||Examples|
|Identification data||first name, last name, personal identification number, date of birth, identity document data, basis of representation.|
|Contact information||Address, telephone, e-mail addresses, etc.|
|Customer data||identifying information; contact information;
information related to the service used (frequency, type, amount, number, etc.)
|Employee data||identifying information; contact information; education and employment data; financial data. Mandatory health check-up data, Incapacity for Work sheet, certificate of blood donor, information on disability|
|Financial data||bank account number, waybills, amount of salary or remuneration, other payment data for the used Company service.|
|Management function data||submissions, contracts, orders, etc.|
|Property data||Property address, cadastral number, area, property registration data, composition, encumbrances, utilities in the property.|
4.4. The specific amount of information depends on the specifics of the respective service provided, the purpose of data processing and the applicable laws and regulations that regulate the conditions of service provision.
5. Categories of recipients of personal data
5.1. Categories of recipients of personal data:
5.1.1. data subject,
5.1.2. The Company and its authorized employees;
5.1.3. For providers of IT, server, mail, archiving, marketing, security, accounting services, debt collection services, utility and other service providers, land lessors, tax and fee administration institutions, institutions monitoring the technical condition of equipment, Construction Information System;
5.1.4. companies of the same group;
5.1.5. notaries, bailiffs, lawyers, consultants, auditors, brokers, insurers, credit institutions;
5.1.6. law enforcement and supervisory authorities, courts and other institutions dealing with dispute resolution;
5.1.7. potential or existing acquirers of our business or part thereof or their authorized advisers or persons;
5.1.8. authorized persons of apartment buildings, associations, associations or commercial objects, other co-owners.
5.2. The data processors involved in the company can process your personal data only according to our instructions and may not use them for other purposes or transfer them to other persons without our consent. Such persons may be database software maintainers, database administration service providers, data center maintenance and cloud computing service providers. In each case, we submit to data processors only the amount of data that is necessary for the performance of a specific task or the provision of specific services. In addition, they must ensure the protection of your data in accordance with the requirements of applicable laws and the written agreement concluded with us, which provides, among other things, for the permanent deletion of any of your data after the completion of the task given by us or the termination of cooperation.
6. Sending personal data to a third country or an international organization and automated decision-making
6.1. The Company does not intend to send personal data to third countries or international organizations.
6.2. Automated decision-making is not carried out in the Company.
7. Rights of the data subject
7.1. You have the right to receive our confirmation as to whether we are processing your personal data, as well as:
7.1.1. the right to familiarize yourself with your personal data and the manner in which it is processed;
7.1.2. the right to request correction or, taking into account the purposes of personal data processing, to supplement incomplete personal data;
7.1.3. the right to request deletion of your data;
7.1.4. the right to request that the processing of personal data be restricted;
7.1.5. the right to data portability;
7.1.6. the right to submit a complaint to the Data State Inspectorate;
7.1.7. right to withdraw consent.
7.2. In case of withdrawal of consent, we can also store your consent and proof of it for a longer period, if it is necessary to be able to protect our rights in connection with demands and claims made against us.
7.3. If you believe that we are processing your data in violation of the requirements of personal data protection regulations, we invite you to contact us directly.
7.4. In order to protect the personal data of all our data subjects from unlawful disclosure, we will need to verify your identity upon receiving your request to provide data or to exercise your other rights. For this purpose, we may ask you to present an identity document, as well as, if the request refers to your legal representative, a birth certificate, power of attorney or other document confirming representation, except if the situation allows us to fulfill your request without such a check. If you do not confirm your identity and/or representation, we will reject your submitted request.
7.5. We may refuse to consider your received request for the exercise of rights or ask for a corresponding payment for it, if the request is clearly unfounded or excessive, in particular due to its regular recurrence.
7.6. If you want to exercise your data subject rights or have other questions about the processing of your personal data, please contact us using the following contact information: pers[email protected], tel. 80001599, Dēļu iela 5, Riga, LV-1004.
8. Storage of personal data
8.1. In accordance with its case nomenclature, the company stores personal data for no longer than is necessary to achieve the purpose of the relevant personal data processing.
8.2. When choosing the criteria for personal data storage, the company takes into account the following conditions:
8.2.1. whether the period of storage of personal data is determined or follows from the regulatory enactments of the Republic of Latvia and the European Union;
8.2.2. for what period it is necessary to store the relevant personal data in order to ensure the realization and protection of the legitimate interests of the Company or a third party;
8.2.3. until the consent given by the person to the processing of personal data has not been withdrawn and there is no other legal basis for data processing, for example, to fulfill the Company’s binding obligations.
8.3. When providing services, the Company complies with special laws and regulations, which determine its obligation to store individual data. If you want to know detailed information, please contact the Company using the above contact information;
8.4. The records of incoming and outgoing communications (e-mails, postal letters) will be kept for a period not exceeding five years, in order to ensure that the Company’s legitimate interests are respected, unless the relevant communication reflects potentially illegal behavior or behavior that will possibly help the Company or to ensure their legal interests to third parties. In this case, the relevant document may be kept until the legal interest is secured.
8.5. If the applicant has not been hired, the Company destroys or deletes the information about the applicant obtained as part of the personnel selection process within 6 months from the day when the relevant personnel decision was made. If it is necessary to save information about the applicant for possible future recruitment for other positions, you as the applicant will consent to data storage.
8.6. For the purpose of quality control and improvement of the company’s service provision, recordings of telephone conversations are made, of which each data subject is informed before it is made. If the data subject does not agree to such data processing, there are other communication channels with the Company. Personal data is stored for 3 (three) months from the date of its processing.
8.7. After the end of the storage period, personal data will be permanently deleted, unless there is an obligation to store them in accordance with regulatory enactments.
8.8. Longer storage of your personal data specified in this Policy can only be implemented if:
• it is necessary for us to protect our rights in relation to claims, claims or demands;
• there are reasonable suspicions of illegal activities that warrant an investigation;
• Your data is necessary for the proper handling of a dispute, complaint.
The need to provide personal data
Personal data is necessary and is used for the provision of relevant services, the achievement of data processing purposes and the implementation of the Company’s activities, to the extent necessary for this, in accordance with the requirements of regulatory acts. In the event that personal data is not provided, the Company has no legal basis to provide the relevant service to the data subject, and the purposes of personal data processing will not be achieved.