Data controller is SIA Ducodot, reg. No. 40003784665, legal address: Zalves iela 45-6B, Riga, LV1046 (hereinafter referred to as – DUCODOT).
Further privacy conditions are published in order you would be aware of how we collect, use and protect your personal data.
When using the website ww.ducodot.lv or social network sites, you agree with these Privacy Conditions.
DUCODOT shall undertake to comply with the rights of the CLIENT to legal data processing and data, system protection, including also complying with the requirements of regulatory enactments applicable for personal data processing. The purpose of establishment and publication of this privacy and personal data processing policy document (hereinafter referred to as – the POLICY) shall be to provide to the CLIENT the planned information regarding the fact how clients data are processed during provision of services by DUCODOT and what rules are obeyed by all employees of the company.
We shall be entitled to make supplementations to this POLICY, making the updated version available to CLIENTS by placing it on our website.
- Purpose of the Policy
The purpose of the information security system of DUCODOT is to protect employees, partners and clients of DUCODOT from unlawful or harmful direct or indirect, deliberate or unconscious activities of persons, while processing information and data, appearing at the disposal of the certain persons, as well as using the equipment planned for fulfilment of their work duties.
This policy shall regulate information processing in any systems or any carriers, being involved in the data/ information processing of DUCODOT, regardless of the fact, whether the data/ information processing is related to internal commercial operations of the Company during provision of SERVICES or external relations with the Partners, CLIENTS or any third persons.
Our POLICY shall regulate also how the Employees use the equipment and tools available to them within the scope of performance of their duties.
- Classification of information
Any information/ data, which become available to the Employees, when performing their work duties, if such information/ data is related to DUCODOT and operations, clients or cooperation partners thereof, shall be considered as belonging to DUCODOT and the confidential information, which thus shall be protected by the relevant applicable regulatory enactments regarding protection of confidential information, commercial secrets and personal data.
In order to ensure proper information and data protection, DUCODOT shall perform the internal classification of information. Information/ data shall be protected, regardless of the fact whether such information has appeared at the disposal of an Employee in a form of printed materials, any data storage devices, in the form of audio/video materials or any other way.
That is information that you provide to DUCODOT on the voluntary basis, in order we could provide the performance of services or fulfilment of liabilities. We request only those data that are reasonably required. Such data may include your name, surname, telephone number, e-mail address, personal identity number (for invoices and contracts), address and other information.
In order to visit the website www.ducodot.lv it is not necessary to provide personally identifiable information.
Automatically acquired information
When using the website www.ducodot.lv, social network sites, the tools and technologies thereof shall automatically collect and save certain data that shall not identify you as a particular person. Such data include information on the fact how you use our website and social network pages: what browsing programme or device, including cookies, URL information, network connection type, language and internet connection, IP address and operating system. These data are used in order to facilitate and accelerate access to the possibilities and information of the website. Automatically acquired information shall be used for statistical data, in order to improve the operation of the website www.ducodot.lv and social network pages and personalize the offers of DUCODOT.
Use of e-mail and phone number
When contacting with DUCODOT via e-mail or phone, e-mail messages and a list of received and outgoing calls and SMS are saved. DUCODOT shall undertake to maintain confidentiality of e-mail, telephone calls and SMS. Such information shall not be disclosed, revealed or transferred to third persons.
If the CLIENT does not want to receive e-mails of news further on, the CLIENT may refuse at any time from them by writing to email@example.com.
DUCODOT shall reserve the right to provide your information to legal successors in case of sale, transfer, restructuring or reorganisation of the company.
- Systems involved in the data/ information processing
Any information systems, computer engineering, any type of software, any storage environment, network accounts, and electronic mail accounts and any other technical basis and tools, used for the operation of DUCODOT, shall be considered as the property of DUCODOT.
Any information systems, any type of software, any storage environment, network accounts, electronic mail accounts and any other technical basis and tools, used for and becoming available during cooperation with the CLIENTS of DUCODOT, shall be considered as the property of the CLIENT.
Every Employee shall have an obligation to use such technical equipment and tools with proper care and attention, and only for the purposes related to commercial activity of DUCODOT.
Employees may have access only to such devices of the COMPANY, CLIENTS or PARTNERS, directly required for performance of SERVICES or necessary for performance of direct work duties of the relevant Employees within the framework of responsibility thereof. Access rights to any system shall not mean that the Employee shall be authorised to view or process a part or all information available in the relevant system.
- Duties of employees
Any information/ data, appearing at the disposal of the Employee, when providing SERVICES, performing his/her work duties, shall be considered as confidential and to be used as confidential ones, taking into account the protection thereof, in accordance with this Policy, and they shall not be disclosed to third persons.
All personal data and other information, through which a natural person may be identified, shall be collected and processed only when it is necessary and to the extent it is necessary for the purpose of performance of direct work duties of the Employee, provided that such activities are performed within the framework of work tasks given and authorisation granted to the Employee and only in accordance with the data protection requirements provided for by law.
Any Employee shall have an obligation to comply with this Policy as well as to perform the requirements of the effective local, regional or international regulatory enactments, providing conditions for information/ data processing and protection. Failure to comply with this Policy shall be considered as a significant violation of the set work order. The EMPLOYEE, who has violated this POLICY and personal data processing rules, may be called to administrative or criminal justice.
- Security measures
Requirements of this Policy and any regulatory enactments shall be applied to all data and information collected in any form (printed, electronic form etc.) in relation to data/ information collection, processing, protection and storage, and destruction, and such documents shall be stored at the safe place specified by DUCODOT with the storage term, provided for by the applicable law and/or specified by DUCODOT.
It shall be prohibited for Employees to store any confidential information on their devices, except for information, which shall be temporary necessary for the specific activity related to work. All necessary confidential and personally identifiable information shall be stored only in the cloud storage of DUCODOT, internal network of DUCODOT or data storages of the CLIENT. Any downloading of such data on local devices should be avoided and it shall be performed only if it is reasonably necessary in relation to information processing for work needs.
In the case if the rights have been granted to an Employee to access the file storage system of the CLIENT or cooperation PARTNER of DUCODOT, the Employee shall have an obligation to use the access tools granted by the CLIENT or the PARTNER and to comply with the instructions provided regarding the requirements of safe information/ data processing (including encryption system, passwords use, data use restrictions, use of specifically provided places of location etc.).
As soon as, according to discretion of DUCODOT, the protected data/ information are not necessary anymore for operation of DUCODOT or provision of SERVICES, such data/ information shall be deleted, all copies thereof shall be destroyed, and the Employees involved in the relevant information/ data processing shall be accordingly informed on their duty to delete/ destroy and return information/ data back to DUCODOT, which shall not be necessary for them anymore for performance of their work duties and, in particular, to return to DUCODOT, to delete and destroy copies, when employment legal relationship is terminated with the relevant Employee.
No information/ data referred to in this Policy shall be sent, transferred and submitted in any other way to any Third party, unless it shall be required for performance of the particular task of the Employee and to the extent it is necessary for performance of such duties. In case if data are transferred or submitted to Third parties, the data protection shall be provided and all relevant security measures shall be performed.
DUCODOT shall audit the systems used for information/ data processing in order to control constant compliance thereof with this Policy and the applicable regulatory requirements.
- Prohibited Activities
The EMPLOYEE, except for specially provided exceptions, shall not be permitted in any case and in any circumstances to use equipment, systems or tools owned DUCODOT, CLIENTS or cooperation PARTNERS thereof for the purposes that are not related to the work obligations of the Employee or activities of DUCODOT.
The following activities shall be prohibited:
- Infringement of rights protected by intellectual property rights of any person or company, including, use, installation, copying, distribution or storage of any illegal software, online platforms, any other electronic content, which DUCODOT or the CLIENT is not licensed to use, in the systems or on the equipment of DUCODOT or the CLIENT;
- Violation of rights of any person by collecting and processing the personal data of the relevant subject in an excessive manner and without any need;
- Access to data, server or accounts for the purposes, which are not related to the commercial activity of DUCODOT or performance of SERVICES or work duties of the relevant Employee;
- Exporting of software, technical information, encryption software or technology by violating the applicable international or national regulatory enactments and/or instructions of DUCODOT and the CLIENT;
- Disclosure of the password of the Employee’s account to other persons and providing access to other persons to IT and mobile equipment, when using such account (including, but not limited to family members of the Employee);
- Creation and sending of fraudulent products, goods or services, or products or services of third persons by using accounts of DUCODOT or CLIENTS;
- Implementation of network communication security breaches or interruptions. Such security violations shall include, but not be limited to, access to data, if the Employee is not the planned recipient thereof, or logging in to the server or account, for which the Employee has not been clearly authorised to access, unless such access rights are granted to the Employee in relation to participation of the relevant Employee in the particular project of DUCODOT;
- Use of any programme/ script/ command or sending of any type of message, with or without a purpose, but hindering or disabling the work of employees of the COMPANY or CLIENTS.
- Reporting on security incidents
Any information/ data processing security incidents or possible incidents shall be promptly reported to the responsible persons, which shall accordingly perform all measures for elimination of the possible harm, elimination of consequences of the caused harm and implementation of the previous or higher security level.
If appropriate, DUCODOT shall have a duty to ensure further reporting on the data/ information security infringement to management of the CLIENTS, supervisory authorities and involved natural persons, like it is provided by the cooperation agreements with the CLIENTS, applicable regulatory enactments and/or laws of the European Union.
- Personal data in DUCODOT
Personal data in DUCODOT are available and are processed only for one purpose – provision of information to the state administration authorities and subjects of investigatory operations in the cases and in the scope determined by external regulatory enactments.
The acquired personal data are registered electronically and may be used only for the following purpose – in order to fulfil the obligation determined to DUCODOT by the binding external regulatory enactments, out of which the legal basis or personal data processing arise – fulfilment of regulatory enactments.
We do not transfer the acquired Data to third parties, we do not sell, lease and exchange Client’s Data, except the cases, when disclosure of such data is required by law as well as in cases described below.
We disclose personal data within the framework of the European Union through safe data transmission methods and only to such cooperation partners, who are involved in the provision of activities of DUCODOT or SERVICES, for example accounting service providers. Such our partners shall process personal data confidentially and in accordance with the requirements of legislation, and only for the purposes of provision of such services. Besides, they shall be required to process personal data in accordance with these data protection guidelines and applicable legislation.
Disclosure of information to other third person shall be performed in a safe manner and only on the basis of legally reasonable request or activity determined in law.
We care for safety of data of us and CLIENTS and we use all available technical and organisational possibilities to the reasonable extent in order to store data in a way that they are not available to third parties. All data shall be stored on servers, being in compliance with high safety standards, and shall be protected against unauthorised access and unlawful use.
In accordance with the Personal Data Processing Law and Personal Data Protection Regulation, our duty is to provide to data subject information on that fact what data on him/her is being at our disposal, except exceptions determined in law. In the case if the Client will not request us to provide this information more frequently than it is provided in regulatory enactments, we shall provide it for compensation, it will be in the amount in order to cover expenses caused by provision of such information.
For submission of the request for information, please, use the e-mail address: firstname.lastname@example.org.
Upon receiving the request of the data subject on use of his/her rights, we shall make sure on the identity of the CLIENT, assess the request and fulfil it in accordance with regulatory enactments within a reasonable period of time.
- Other Information
Date of development of the document: 01 August 2018.
Date of publication on the internet: 21 February 2020.