1. Personal Data Processing Manager:
The controller of personal data processing is SIA “A & A Logistic”, registration No. 40103438195, legal address: Biķernieku street 93 k-3 -9, Riga, Latvia, actual address: Katlakalna 11K, Riga, Latvia, LV-1073, phone 29233487 , the website www.new.aalogistic.eu, hereinafter referred to as the "Manager".
2. Applicable law:
ISO / IEC 17799: 2005;
ISO / IEC 27001: 2005;
Regulation No. 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (27 April 2016);
Personal Data Protection Law.
3. How the controller processes personal data:
4. Categories of personal data processed by the Controller:
4.1. The categories of personal data processed by the Controller depend on the services and / or work processes provided. This includes (but is not limited to) the following categories of personal data:
4.2. Name, surname, personal identification code / date of birth, correspondence address, telephone number and e-mail address, basis of representation;
4.3. Passport data;
4.4. Bank details;
4.5. Communication data - e-mail, letter, or other information about communication with the Manager;
4.6. Data which the data subject himself communicates to the Controller;
4.7. Video surveillance recordings;
4.8. Image photography;
4.9. Vehicle location data (GPS data);
4.10. Workstation control analysis data;
4.11. Work email, Internet and work phone control analysis data;
4.12. Website traffic data.
5. Purposes of data processing:
5.1. Customer service / cooperation with customers and partners
5.1.1. Management of customer relations (incl. Remote), ensuring the conclusion and execution of agreements, as well as ensuring the implementation of related processes, cooperation with customers and partners and ensuring the implementation of related processes;
5.1.2. Efficient cash flow management / Debt administration / Customer payment administration;
5.2. Compliance with regulatory enactments
5.2.1. Compliance with the requirements of regulatory enactments, providing answers to the requests of state institutions;
5.3. Establishment, accounting and maintenance of internal processes, document flow management
5.3.1. Business management, accounting, record keeping, archiving, provision of internal processes, labor relations, promotion of the company's image;
5.3.2. Filming, photography and audio recording of work events;
5.3.3. Video surveillance for employee, customer and manager security purposes;
5.3.4. Photographing / filming employees (as one of the job responsibilities) to promote the company's image in the market.
6. Justification for the collection and processing of personal data:
6.1. With the consent of the data subject - The data subject who has given his or her consent to the collection and processing of data.
6.2. Before or after concluding the Agreement - Management of Customer Relationships (incl. Remote), ensuring the conclusion and performance of agreements, as well as ensuring the implementation of related processes, cooperation with customers and partners and ensuring the implementation of related processes;
6.3. Legitimate interests of the controller - Provision of services; Identification of data subjects; Business management, accounting, record keeping, archiving, provision of internal processes; Promotion of the company's image and development of the company; Video surveillance for the security of employees, customers and the manager; Complaint handling and support in connection with the services provided; Efficient cash flow management / Debt administration / Customer payment administration; Litigation;
6.4. Legal basis - Fulfillment of the requirements of regulatory enactments, provision of answers to the requests of state institutions.
7. Acquisition of personal data of the data subject:
7.1. The controller obtains the personal data of the data subject when:
7.1.1. Identifies the data subject;
7.1.2. The Data Subject enters into an employment contract and the Controller ensures internal work processes;
7.1.3. Data of the data subject were obtained during the performance of work duties;
7.1.4. The data subject's data were obtained from incoming and / or transport documentation;
7.1.5. Data of the data subject were obtained by ensuring work processes;
7.1.6. The data subject's data were obtained by providing services;
7.1.7. Data of the data subject were obtained in compliance with the requirements of regulatory enactments;
7.1.8. From public databases;
7.1.9. The data subject is filmed or photographed with the Controller's video surveillance or photo equipment;
7.1.10. Data subject data were obtained from vehicle location control devices (GPS data);
7.1.11. Data subject's data were obtained from work telephone, e-mail, Internet, workstation control;
7.1.12. The data subject visits or browses the Controller's website (www.new.aalogistic.eu);
7.1.13. The controller may collect data on the data subject from other companies and partner companies.
8. Data subject's data processing:
8.1. The controller may process the data subject's data:
8.1.1. Identifying the data subject;
8.1.2. Employee selection process;
8.1.3. To enter into an employment contract or any other document relating to the employee;
8.1.4. To enter into and perform a service contract and / or arrangement;
8.1.5. During the provision of services;
8.1.6. Receiving incoming documents electronically and / or in paper format;
8.1.7. During the execution of work processes;
8.1.8. To process data on products and services purchased by the data subject from the Controller;
8.1.9. To answer any questions that the data subject may have when using the Controller's products or services;
8.1.10. Effective cash flow management / Debt administration / Customer payment administration time;
8.1.11. To promote the company's image.
9. Data subject's cookie processing:
9.1. Cookies are small text files that are created and stored on your device (computer, tablet or mobile phone) by visiting our websites. Cookies "remember" the user's experience and basic information, thus improving the ease of use of your site;
9.2. Cookies are used to process common user habits and site usage history, diagnose problems and deficiencies in the site's operation, collect statistics of user habits, as well as ensure full and convenient use of the site's functionality;
10. Data storage time:
10.1. While the Agreement is in force;
10.2. The term is specified in regulatory enactments;
10.3. To the extent necessary for the realization and protection of legitimate interests;
10.4. As long as the consent of the data subject is valid;
10.5. At the end of the period, all data of the data subject will be deleted or anonymised.
11. Sharing of personal data of a data subject:
11.1. The controller may share the data subject's data in the EEA (European Economic Area) in order to provide services and perform work tasks;
11.2. In order to comply with the provisions of regulatory enactments, the controller may share the data subject's data with law enforcement authorities, regulatory organizations, courts or other state institutions, if this is necessary or permitted by law;
11.3. Assignees and / or debt collectors - in order to ensure efficient cash flow management, the Manager has the right to assign claims against the debtor or debtors;
11.4. The controller will only release the data to a reasonable extent in order to protect the interests of the data subject, the controller against fraud, to protect the rights and / or property of the controller;
11.5. In order to provide services and perform tasks, the controller may need to transfer the data subject's data to other partner companies or service providers in countries outside the EEA (European Economic Area), ensuring specific data protection as required by the GDPR framework.
12. Protection of personal data of the data subject
12.1. The controller has worked hard to protect the data subject's personal data from unauthorized access, accidental loss, disclosure or destruction. To ensure this, the Manager uses modern technologies and technical and organizational requirements, including the use of firewalls, intrusion detection and analysis software, SSL encryption and anonymization;
12.2. The controller scrutinizes all service providers who process the data subject's data on behalf of the controller, the controller assesses whether appropriate security measures are applied and the data processing is as delegated by the controller and in accordance with existing legislation and data protection requirements and standards. Service Providers are not entitled to process the Controller's data for their own purposes;
12.3. The controller cannot be held liable for any unauthorized access or loss of personal data outside the competence of the controller, for example due to the fault / negligence of the data subject.
13. The data subject has the right to:
13.1.1. Access the data subject's data;
13.1.2. Contact the Manager at any time to obtain a copy of all data available to the Manager about yourself;
13.1.3. Correct all available data about yourself;
13.1.4. Request data to be deleted or data processing restricted;
13.1.5. To data portability;
13.1.6. Apply with a complaint to the supervisory authority - the State Data Inspectorate;
13.1.7. Contact the Data Protection Specialist of the Controller (tel. 29233487) for information on the data subject's data processing and its protection;
13.1.8. In the event of a threat to the data subject's data, the Controller will notify the data subject;
13.1.9. At any time, withdraw the consent given or given to the processing of the data by appearing in person at the Office of the Controller or by using the same method as the consent to the processing of the data;
13.2. In order to exercise your data subject's rights, you may submit a request for the exercise of your rights:
13.2.1. In writing in person at the Manager's office Katlakalna 11K, Riga, Latvia, LV-1073, presenting an identity document (passport or ID card);
13.2.2. Electronically using a secure electronic signature by sending a request to email@example.com.
14. Profiling and consequences of profiling:
14.1. The controller does not process the data subject's data through profiling and automated decisions.