Lursoft Privacy Policy

The purpose of Lursoft cy Policy, hereinafter – the Document, is to provide the natural person, the data subject, with information on the purpose, scope, protection and timing of the personal data processing during the data acquisition and processing of the personal data of the data subject.

List of sites  www.lursoft.lvwww.klientuportfelis.lv, www.zo.lvwww.news.lv, hereafter referred to as Portal.

Controller and its contact details

  1. The controller of processing of data of Portal users, hereinafter - Clients, is SIA Lursoft IT, hereinafter - Lursoft, unified registration number. 40003170000, registered office at 8 Matīsa Street, Riga, LV-1001.
  1. Lursoft contact details for personal data processing issues: gdpr@lursoft.lv. You may ask the questions on personal data processing by using this contact information or by visiting the  registered office of Lursoft during the business hours indicated. A request to the exercise your rights may be made in accordance with Paragraph 24 of the Document.
  1. The Portal may host services in regard to which Lursoft may be considered a processor. In such cases, both the system controller and the processor (operator) are listed separately in the service description. If the Client is provided with a service on the basis of a contract, for the purposes of the Personal Data Protection Laws and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter - the Regulation, it shall be considered that the contracting party first initiating the transfer of the personal data to the other party is a controller.   Within the framework of the Contract concluded with the Customer, Lursoft shall be considered as a processor (operator).

Scope of application of the Document

  1. Personal data is any information about an identified or identifiable natural person. Definitions of personal data, explanations and data categories are provided here.
  1. Privacy Policy applies to privacy and personal data protection with respect to
  • natural persons - clients, subscribers and service users (including potential, former and existing), as well as third parties (including contact points, payers, etc.) who receive from or transfer to Lursoft any information in connection with the provision of services to a natural person (subscriber, client , user);
  • Lursoft office visitors.
  1. Lursoft takes care of Client privacy and personal data protection, respects Client's right to lawful processing of personal data in accordance with applicable privacy and data processing laws.
  1. The Privacy Policy is applicable to data processing irrespective of the form and / or media by which the Client provides personal data (Lursoft Portal, paper or electronic format, or by telephone) and by which information systems (or in paper form) they are processed.
  1. For specific types of data processing (such as cookie processing, etc.), additional, specific rules may be set, regarding which the Client is notified of when providing the relevant data to Lursoft.

Purposes of personal data processing

  1. Lursoft processes personal data for the following purposes:

·         To provide services:

o    Client identification;

o    drawing up and conclusion of the contract;

o    provision of services (fulfilment of contractual obligations);

o    service provision / maintenance;

o    warranty liability fulfilment;

o    service improvement, development of new services;

o    service usage promotion;

o    advertising and distribution of services or for commercial purposes;

o    Client servicing;

o    handling and processing of objections;

o    Client loyalty building;

o    administration of payments and settlements;

o    debt recovery and collection;

o    Portal maintenance and improvement of the performance.

·         Business planning & analytics:

o    statistics and business analysis;

o    planning and record keeping;

o    effectiveness measurements;

o    data quality assurance;

o    market and public opinion research;

o    report processing;

o    Client surveying;

o    as part of risk management activities.

·         Provision of information to state authorities and subjects of operational activities in cases and to the extent prescribed by external regulatory enactments.

·         For other specific purposes for which the Client is notified at the time of providing the relevant data to Lursoft.

 

Legal basis for personal data processing

  1. Lursoft processes Client's personal data based on the following legal basis:
  • or the conclusion and execution of the contract - to conclude the contract after receipt of the Client's application and ensure its execution;
  • to comply with the regulatory enactments - to fulfil the obligations specified in the external regulatory enactments that are binding to Lursoft;
  • with the Client's, data subject's, consent ;
  • for the lawful (legitimate) interest - in order to exercise the lawful (legitimate) interests  of Lursoft resulting from the obligations existing between Lursoft and the Client or under a contract or law;
  1. The lawful (legitimate) interests of Lursoft are following:
  • carrying out business activities;
  • verification of the Client's identity before entering into the agreement;
  • securing the fulfilment of contractual obligations;
  • aving the Client's requests at the Portal, including applications, applications for the provision of services submitted at the Portal, and other applications and submissions, remarks regarding thereof, including those made orally by calling the Lursoft office and / or the Client's contact point;
  • analysis of the operation of the Portal's applications, development and implementation of improvements;
  • administration of the Client's account at the Portal;
  • segmentation of the Client database to provide services more efficiently;
  • development and improvement of services;
  • promotion of its services by sending commercial notifications;
  • sending other reports on the progress of the contract execution and events essential for the performance of the contract, as well as to conducting Client surveys regarding the services and the user experience;
  • fraud prevention;
  • ensuring corporate governance, financial and business accounting and analytics;
  • ensuring effective business management processes;
  • service provision and delivery efficiency;
  • provision and improvement of the quality of services;
  • payment administration;
  • turning to state administration and operational activity authorities and courts to protect its legal interests;
  • informing the public about its activities.

Personal data processing

  1. Lursoft processes Client's data using capabilities of the technologies, taking into account the existing privacy risks and organizational, financial and technical resources reasonably available to Lursoft.
  1. Lursoft can perform automated decision-making in relation to the Client. The Client shall be informed of such Lursoft activities separately in accordance with regulatory enactments. The Client may object to automated decision-making in accordance with the law, but shall be aware that in some cases it may limit the Client's right to use certain feature potentially available to the Client (e. g., to receive commercial offers, including receiving services on more favourable terms).
  1. Automated decision-making that creates legal consequences for the Client (e.g., approval or rejection of the Client's application) may only be performed in the course of the conclusion or performance of the contract between Lursoft and the Client, or on the basis of the Client's explicit consent.
  1. Lursoft may authorize its co-operation partners to perform separate service provision activities, such as the sending of commercial offers, for the quality and fast performance of the contractual obligations towards the Client. If, during performance of those tasks, Lursoft's cooperation partners process Client's personal data held by Lursoft, the relevant partners are considered Lursoft data processing operators (processors) and Lursoft is entitled to transfer Client's personal data necessary for the performance of such activities to the extent necessary for the performance of these activities.
  1. Lursoft's co-operation partners and companies (as a personal data processors) shall ensure the fulfilment of personal data processing and protection requirements in accordance with Lursoft's requirements and legislation and shall not use personal data for any other purpose than to fulfil, on behalf of Lursoft, the contractual obligations resulting from the Lursoft's contract with the Client.

Protection of personal data

  1. Lursoft protects Client's data using capabilities of state-of-the-art technologies, taking into account the existing privacy risks and organizational, financial and technical resources reasonably available to Lursoft, including following security measures:
  • Data encryption for transmitting data (SSL encryption);
  • Firewall;
  • Intrusion protection and detection programs;
  • Other protection measures according to current technical development possibilities.

Categories of recipientsof personal data

  1. Lursoft does not disclose the Client's personal data or any information provided during the servicing period and contract validity period, including information about the received services, to third parties, except:
  • if the data should be transferred to the third party concerned under the contract to perform a function required for execution of the contract or delegated by law;
  • in accordance with the Client's explicit and unambiguous consent;
  • to entities specified in external regulatory enactments at their justified request, in accordance with the procedures and to the extent prescribed by the external regulatory enactments;
  • for the protection of Lursoft's legitimate interests against a person who has violated the lawful interests of Lursoft, for example, in the courts or other state authorities in the cases specified in the external regulatory enactments.

 

Access to personal data by third country entities

  1. In individual cases, subject to the requirements of regulatory enactments, personal data held by Lursoft is accessed (transfer of data to the third countries in the meaning of the Regulation) by service providers in third countries (i.e., countries outside the European Union and the European Economic Area) as data processors (operators).
  1. In such cases, Lursoft ensures the application of the procedures specified in regulatory enactments for ensuring the level of processing and protection of personal data equivalent to that prescribed by the Regulation.

Duration of keeping of personal data

  1. Lursoft keeps and processes Client's personal data until at least one of the following criteria exists:
  • only as long as the contract with the Client is in effect;
  • until Lursoft or the Client may exercise their legitimate interests in accordance with the procedures specified in external regulatory enactments (for example, to file an objection or bring an action in court);
  • until one of the parties has a legal obligation to keep the data;
  • as long as the Client's consent to the relevant processing of personal data is in force, unless there is another legitimate basis for the processing of the data.
  1. After expiration of the circumstances referred to in paragraph 21, the Client's personal data shall be deleted.

Access to personal data and rights of the Client

  1. The Client is entitled to receive the information specified in regulatory enactments regarding the processing of his/her data. Most of the Client's information is placed on the portal www.lursoft.lv under section My Data in the System[Mani dati sistēmā], where the Client can verify the correctness of his/her data and correct it.
  1. The Client also has the right, in accordance with regulatory enactments, to request Lursoft to supplement, correct or delete his/her data, or to limit processing in respect to the Client, and the right to object to the processing (including the processing of personal data based on Lursoft's lawful (legitimate) interests)), and the right to data portability. These rights can be exercised insofar as the processing of data does not result from Lursoft's obligations imposed on it by applicable laws and regulations and is made in the public interest.
  1. The Cleint may submit a request to exercise his/her rights:
  • until Lursoft or the Client may exercise their legitimate interests in accordance with the procedures specified in external regulatory enactments (for example, to file an objection or bring an action in court);
  • by electronic mail, signing the application with a secure electronic signature;
  • by an application in written form signed by the Client, submitted to Lursoft's registered office by presenting a personal identification document confirming the Client's identity.
  1. Lursoft shall send a reply to the Client by mail to the address indicated by him/her or to the e-mail address indicated in the application, signed with a secure electronic signature.
  1. Lursoft ensures fulfilment of data processing and protection requirements in accordance with regulatory enactments and in case of Client's objections performs proper action to resolve the objection.

Customer's consent to data processing and right to revoke it

  1. Client can consent to the processing of personal data, the legal basis of which is the consent (e.g., analysis of service usage data, individualized advertisement, etc.), at the self-service portal www.lursoft.lv , on Lursoft service application forms, at Lursoft service portals, at Lursoft and other websites (for example, sign-up forms for receiving newsletters).
  1. The Client has the right at any time to revoke the consent given to the data processing in the same way as it is given, i.e., at the portal www.lursoft.lv , in which case further processing of data based on the above-mentioned consent for the specific purpose will not be performed.
  1. The withdrawal of consent shall not affect the processing of data performed at the time the Client's consent was in force.
  1. Withdrawal of consent shall not interrupt the data processing carried out on other legal basis. 

Communication with the Client

  1. Lursoft communicates with the Client using the Clients's contact information (phone number, e-mail address, postal address, and via the Portals using app messages (notifications)).
  1. Lursoft conducts communication regarding the fulfilment of contractual service obligations on the basis of a contract concluded (for example, coordination of service delivery, invoice information, changes in services, etc.).

Commercial communications

  1. Lursoft shall communicate commercial announcements regarding Lursoft and / or third party services and other communications not directly related to the provision of the contracted services (e.g., customer surveys) in accordance with the external regulatory enactments or with the Client's consent.
  1. Client may consent to receive Lursoft's and / or its business partners' commercial communications at the Portal, on Lursoft application forms, at Lursoft and other web sites (for example, sign-up forms for receiving newsletters).
  1. Client's consent to receive commercial communications shall be valid until withdrawn (also after termination of the service contract). The Client may at any time forgo further commercial communications in any of the following ways:
  • by making an appropriate mark at his/her user profile at Lursoft Portal www.lursoft.lv ;
  • by sending an email to info@lursoft.lv ;
  • by using the automated option provided in the commercial communication to opt out of receiving further communications by clicking on the opt-out indication at the end of the relevant commercial communication (e-mail).
  1. Lursoft shall stop sending commercial communications as soon as the Client's request is processed. The processing of the request depends on the technological and organizational capabilities, and may take up to two business days.
  1. By expressing his/her opinion in the surveys and leaving his/her contact details (e-mail, phone), the Client agrees that Lursoft may contact him/her regarding the assessment given by the Client by using the contact details provided.

Cookie processing

  1. Lursoft websites may use cookies. The cookie processing terms and conditions are attached in the attachment and are available here.
  1. Lursoft websites may contain links to third party websites that have their own usage and personal data protection rules, for which Lursoft is not responsible.

Other provisions

  1. Lursoft has the right to make additions to the Privacy Policy by making its current version available to the Client, indicating its effective date and publishing it on the Lursoft website.
  1. Lursoft provides previous versions of the Privacy Policy and they available on the Lursoft website.