Privacy Policy

2. General description of our processing of personal data

The purpose of this notice is to provide you with an opportunity to familiarise yourself with our personal data processing rules. We will provide you with access to this notice when you submit your CV for employment. We will also provide access to those persons whose data has been provided to us by employees or candidates (e.g. relatives’ data, data of referees, etc.). EVELATUS Ltd reserves the right to amend and update this notice as necessary.

This notice will provide you with a general overview of our processing activities and purposes, however, please note that other documents (e.g. Terms and Conditions of employment, employment contract, internal procedures and instructions) may also contain additional information about the processing of your personal data.

We are aware that personal data is an asset for you and we will process it in a way that respects confidentiality requirements and takes care of the security of your personal data in our possession.

3. For what purposes do we process your personal data and what is the legal basis?

3.1.1 For this purpose, we collect CVs from candidates, we contact the candidate and references identified by the candidate to collect references. With the candidate’s consent, we retain CVs for other competitions and, in order to be able to defend our interests in legal proceedings, we retain data to respond to claims and cases brought before the courts.

3.1.2 For this purpose, we may need at least the following personal data:

– name, surname, contact details (e-mail, telephone number);

– information on the candidate’s education and previous work experience;

– information and contact details of persons who can provide references;

– references of the candidate;

– other information that may be relevant for the performance of the job and for identifying the most suitable candidate.

3.1.3 The main legal bases to be used to achieve these purposes are:

– Consent (Article 6(1)(a) of the General Data Protection Regulation) to the fact of submitting a CV and to the retention of CVs for future competitions;

– the conclusion of a contract with the data subject (Article 6(1)(b) of the GDPR) for the processing of the data of candidates for whom the decision to conclude an employment contract has been taken;

– the performance of a legal obligation (Article 6(1)(c) of the GDPR) in certain cases for certain types of data where the legislation lays down minimum requirements for a specific job;

– the legitimate interests of the controller (Article 6(1)(f) of the GDPR) in relation to the provision of evidence in the event of potential claims, as well as in relation to the minimum amount of information to be requested.

3.2.1.For this purpose, we will collect the information required to be included in the employment contract and its annexes, identify you, verify your qualifications, draw up the employment contract, provide you with an e-mail address for work purposes, assign you a user name to access the relevant information systems, and keep track of your working hours, the work you have done, in some cases, if necessary for the performance of your duties, we will share your job title and contact details with our business partners and clients and other employees, calculate and pay your wages to your nominated current account, check your health status and collect other information necessary for your employment.

3.2.2 For this purpose and for the sub-purposes set out above, we may need at least the following personal data:

– Employee’s name, personal identification number;

– home address, telephone number;

– date of commencement of the employment relationship, place of work, position;

– details of the employee’s education and qualifications;

– description of the duties to be performed, position, remuneration;

– evidence of performance of the duties, the employee’s appraisals, the employee’s state of health.

3.2.3 The main legal bases to be used to achieve these purposes are:

– the conclusion of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation);

– the fulfilment of a legal obligation (Article 6(1)(c) GDPR) – in relation to the information to be reflected in the employment contract and the necessary qualification requirements;

– the performance of the controller’s duties and the exercise of rights in the field of employment (Article 9(1)(b) of the GDPR) – for the processing of special categories of data (health data, trade union membership).

3.3.1 For this purpose, we would need to comply with the requirements of the Labour Law, the Labour Protection Law, the Accounting Law, the Archive Law and other laws and regulations. Also, in certain cases, we would be required to provide relevant information about you to public authorities (e.g. the State Revenue Service, the State Labour Inspectorate, bailiffs, investigative authorities, courts, supervisory authorities) on the basis of their statutory rights.

3.3.2 For this purpose, we may need to process the following personal data: – – any information about you requested by public authorities;

– health data for the purposes of statutory health checks and accident investigations;

– information about your trade union membership in the event of notice;

– information on children (age, name) to ensure the granting of additional leave days, information on your activities as a donor to ensure the granting of a paid day, etc. information that the legislation requires to be collected.

3.3.3 The main legal bases used to achieve these purposes are:

– Compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation);

– the performance of the controller’s obligations and the exercise of rights in the field of employment (Article 9(1)(b) GDPR) – for the processing of special categories of data (health data, trade union membership).

3.4.1 Within this purpose, we could provide you with various “social benefits”, such as the organisation of corporate events and promotions. Facilitating effective communication. For training and business trips. We could also collect information to tailor the working environment to you, we could inform other colleagues about your anniversaries, your absences and publish pictures of employer-organised events.

3.4.2 For this purpose, we might need at least the following personal data: information about important events in your life, your anniversaries, photos/videos from events, in some cases your health condition, to ensure an appropriate working environment, etc.

3.4.3 The main legal bases used to achieve these purposes are:

– consent of the data subject (Article 6(1)(a) and 6(1)(f) of the General Data Protection Regulation) – e.g. for the publication of anniversaries, organisation of employee training, publication of photographs from events, provision of an appropriate working environment

– the performance of the controller’s duties and the exercise of rights in the field of employment (Article 9(1)(b) of the General Data Protection Regulation) – for the processing of special categories of data (health data), e.g. to ensure an appropriate working environment.

3.5.1 For this purpose, we would need to carry out video surveillance of our premises, buildings and outlets;

– use personal data processors for various functions;

– exchange information within the group of companies where necessary;

– to exercise the rights conferred by law or regulation for the purposes of their legitimate interests, to record working time, to record employee access to certain premises and information systems;

– control the protection of our trade secrets and personal data of our customers, e.g. by controlling outgoing shipments, checking the performance of an employee’s duties, in certain cases transfer information about you to business partners or customers or potential customers (in the context of procurement), if this is necessary for us to be able to

3.5.2 For this purpose, we may need to process at least the following personal data:

– data contained in video recordings, data recorded by access control systems concerning visits to premises or connections to information systems, your name, title and contact details, in certain cases, the content of outgoing emails in the event of risks being identified, etc.

3.5.3 The main legal bases used to achieve these purposes are:

– the legitimate interests of the controller (Article 6(1)(f) of the General Data Protection Regulation).

4. Who would have access to your personal data?

Your personal data could be accessed as necessary:

1) our employees or directly authorised persons who need to do so for the performance of their duties, such as accountants, line managers or, if the data is public, all employees;

2) personal data processors in accordance with the services they provide and only to the extent necessary, e.g. auditors, financial management and legal consultants, database developer/technical maintainer, other persons involved in the provision of the controller’s services;

3) State and local authorities in cases provided for by law, e.g. law enforcement authorities, municipalities, tax authorities, bailiffs;

4. third parties, subject to a careful assessment of whether there is an appropriate legal basis for such transfers, such as debt collectors, courts, out-of-court dispute resolution bodies, bankruptcy or insolvency administrators, third parties maintaining registers (e.g. population register, debtors’ register, etc.), courts.

5. Which partners in the processing of personal data or personal data processors do we choose?

We are currently able to cooperate in processing the following categories of personal data:

1) Auditors, financial management and legal consultants;

2) IT infrastructure, database owner/developer/technical maintainer;

3) Fleet management system maintainer (GPS data);

4) Other persons involved in the provision of our services.

Personal data controllers may change from time to time and we will make changes to this document.

6. Is your personal data transferred to countries outside the European Union (EU) or the European Economic Area (EEA)?

7. How long will we keep your personal data?

When assessing the duration of storage of personal data, we take into account the requirements of applicable laws and regulations, the performance of contractual obligations, your instructions (e.g. in the case of consent) as well as our legitimate interests. If your personal data is no longer necessary for the purposes specified, we will delete or destroy it.

We set out below the most common retention periods for personal data:

1. personal data necessary for the performance of an employment contract – we will keep until the contract is performed

and until other retention periods are met (see below);

2. personal data that we need to keep in order to comply with legal requirements, we will keep in the relevant

the time limits set out in the relevant laws and regulations, e.g. the Accounting Act provides that,

that supporting documents must be kept until the date on which they are necessary to establish the existence of each

the beginning of an economic transaction and to trace its progress, but not less than 5 years; whereas

in the case of supporting documents relating to wages charged to employees, 10 or

in certain cases, 75 years;

3. we will keep the data to prove compliance with our obligations for the general limitation period

in accordance with the limitation periods for claims laid down in laws and regulations – 10 years

Civil Code, 2 or 3 years (Labour Law) and in accordance with other time limits, taking into account also

the time limits for bringing actions under the Civil Procedure Law and the Labour Law.

8. What are your rights as a data subject in relation to the processing of your personal data?

If there are any changes to the personal data that you have provided to us, such as a change in your personal identification number, contact address, telephone number or email address, please contact us and provide us with the updated data so that we can achieve the relevant purposes of processing your personal data.

In accordance with the provisions of the General Data Protection Regulation, you have the right to access your personal data held by us, to request its rectification, erasure, restriction of processing, to object to the processing of your data, as well as the right to data portability. We respect this right to access and control your personal data, so if we receive your request, we will respond to it within the time limits set out in the legislation (usually no later than one month, unless there is a specific request that requires more time to prepare a response) and, if possible, we will correct or delete your personal data accordingly. You may obtain information about your personal data held by us or exercise your other rights as a data subject in any of the following ways:

1) by submitting an application in person and identifying yourself at our office at 3 Ieriķu Street, Riga, LV-1084, Domina, Mon – Fri, 09:00 – 18:00 ;

2) by submitting an appropriate application by sending it to us by post to the following address;

3) by submitting an appropriate application by sending it to our e-mail address: info@evelatus.lv, signed with a secure electronic signature.

Upon receipt of your submission, we will assess its content and the possibility of your identification, depending on the relevant situation, we reserve the right to ask you to further identify yourself in order to ensure the security and disclosure of your data to the appropriate person.

If the processing of your personal data is based on your consent, you have the right to withdraw it at any time and we will no longer process your personal data that we processed on the basis of your consent for the relevant purpose. However, please be informed that the withdrawal of consent may not affect the processing of personal data which is necessary to comply with the requirements of laws and regulations or which is based on a contract, our legitimate interests or other grounds for lawful processing set out in laws and regulations. You may also object to the processing of your personal data if the processing is based on legitimate interests.

9. Where can you lodge a complaint in relation to personal data processing issues?

10. Why do you need to provide us with your personal data?

11. How do we obtain your personal data?

The purpose of this notice is to provide you with an opportunity to familiarise yourself with our personal data processing rules. We will provide you with access to this notice when you submit your CV for employment. We will also provide access to those persons whose data has been provided to us by employees or candidates (e.g. relatives’ data, data of referees, etc.). EVELATUS Ltd reserves the right to amend and update this notice as necessary.

This notice will provide you with a general overview of our processing activities and purposes, however, please note that other documents (e.g. Terms and Conditions of employment, employment contract, internal procedures and instructions) may also contain additional information about the processing of your personal data.

We are aware that personal data is an asset for you and we will process it in a way that respects confidentiality requirements and takes care of the security of your personal data in our possession.

3.1. for the purpose of the recruitment process and the exercise of the rights and obligations arising therefrom.

3.1.1 As part of this purpose, we collect CVs from candidates, we contact the candidate and references identified by the candidate to collect references. With the candidate’s consent, we retain CVs for other competitions and, in order to be able to defend our interests in legal proceedings, we retain data to respond to claims and cases brought before the courts.

3.1.2 For this purpose, we may need at least the following personal data:

– name, surname, contact details (e-mail, telephone number);

– information on the candidate’s education and previous work experience;

– information and contact details of persons who can provide references;

– references of the candidate;

– other information that may be relevant to the performance of the job and to the identification of the most suitable candidate.

3.1.3 The main legal bases to be used to achieve these purposes are:

– Consent (Article 6(1)(a) of the General Data Protection Regulation) to the fact of submitting a CV and to the retention of CVs for future competitions;

– the conclusion of a contract with the data subject (Article 6(1)(b) of the GDPR) for the processing of the data of candidates for whom the decision to conclude an employment contract has been taken;

– the performance of a legal obligation (Article 6(1)(c) of the GDPR) in certain cases for certain types of data where the legislation lays down minimum requirements for a specific job;

– the legitimate interests of the controller (Article 6(1)(f) of the GDPR) in relation to the provision of evidence in the event of potential claims, as well as in relation to the minimum amount of information to be requested.

3.2 For the conclusion and performance of an employment contract.

3.2.1.For this purpose, we will collect the information required to be included in the employment contract and its annexes, identify you, verify your qualifications, execute the employment contract, provide you with an e-mail address for work purposes, assign you a user name to access the relevant information systems, keep records of your working hours, the work you have done, in some cases, if necessary for the performance of your duties, we will share your job title and contact details with our business partners and clients and other employees, calculate and pay your wages to your nominated current account, check your health status and collect other information necessary for your employment.

3.2.2 For this purpose and for the sub-purposes set out above, we may need at least the following personal data:

– Employee’s name, personal identification number;

– home address, telephone number;

– date of commencement of the employment relationship, place of work, position;

– details of the employee’s education and qualifications;

– description of the duties to be performed, position, remuneration;

– evidence of performance of the duties, the employee’s appraisals, the employee’s state of health.

3.2.3 The main legal bases to be used to achieve these purposes are:

– the conclusion of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation);

– the fulfilment of a legal obligation (Article 6(1)(c) GDPR) – in relation to the information to be reflected in the employment contract and the necessary qualification requirements;

– the performance of the controller’s duties and the exercise of rights in the field of employment (Article 9(1)(b) of the GDPR) – for the processing of special categories of data (health data, trade union membership).

3.3. Compliance with statutory requirements relating to employment or with requirements laid down in other laws and regulations:

3.3.1 For this purpose, we would need to comply with the requirements of the Labour Law, the Labour Protection Law, the Accounting Law, the Archive Law and other statutory requirements. Also, in certain cases, we would be required to provide relevant information about you to public authorities (e.g. the State Revenue Service, the State Labour Inspectorate, bailiffs, investigative authorities, courts, supervisory authorities) on the basis of the rights of public authorities under the laws and regulations.

3.3.2 For this purpose, we may need to process the following personal data: – – any information about you requested by public authorities;

– health data for the purposes of statutory health checks and accident investigations;

– information about your trade union membership in the event of notice;

– information on children (age, name) to ensure the granting of additional leave days, information on your activities as a donor to ensure the granting of a paid day, etc. information that the legislation requires to be collected.

3.3.3 The main legal bases used to achieve these purposes are:

– Compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation);

– the performance of the controller’s obligations and the exercise of rights in the field of employment (Article 9(1)(b) GDPR) – for the processing of special categories of data (health data, trade union membership).

3.4 Ensuring social conditions and an appropriate working environment for employees:

3.4.1 For this purpose, we could provide you with various “social benefits”, such as the organisation of corporate events and promotions. Facilitating effective communication. Organising staff training and business trips. We could also collect information to tailor the working environment to you, we could inform other colleagues about your anniversaries, your absences and publish pictures of employer-organised events.

3.4.2 For this purpose, we might need at least the following personal data: information about important events in your life, your anniversaries, photos/videos from events, in some cases your health condition, to ensure an appropriate working environment, etc.

3.4.3 The main legal bases used to achieve these purposes are:

– consent of the data subject (Article 6(1)(a) and 6(1)(f) of the General Data Protection Regulation) – e.g. for the publication of anniversaries, organisation of employee training, publication of photographs from events, provision of an appropriate working environment

– the performance of the controller’s duties and the exercise of rights in the field of employment (Article 9(1)(b) of the General Data Protection Regulation) – for the processing of special categories of data (health data), e.g. to ensure an appropriate working environment.

3.5 Prevention of threats to security, pecuniary interests and other important legitimate interests of ours or third parties:

3.5.1 For this purpose, we would need to carry out video surveillance of our premises, buildings and outlets;

– use personal data processors for various functions;

– exchange information within the group of companies where necessary;

– to exercise the rights conferred by law or regulation for the purposes of their legitimate interests, to record working time, to record employee access to certain premises and information systems;

– control the protection of our trade secrets and personal data of our customers, e.g. by controlling outgoing shipments, checking the performance of an employee’s duties, in certain cases transfer information about you to business partners or customers or potential customers (in the context of procurement), if this is necessary for us to be able to

3.5.2 For this purpose, we may need to process at least the following personal data:

– data contained in video recordings, data recorded by access control systems concerning visits to premises or connections to information systems, your name, title and contact details, in certain cases, the content of outgoing emails in the event of risks being identified, etc.

3.5.3 The main legal bases used to achieve these purposes are:

– the legitimate interests of the controller (Article 6(1)(f) of the General Data Protection Regulation).

Your personal data could be accessed as necessary:

1) our employees or directly authorised persons who need to do so for the performance of their duties, such as accountants, line managers or, if the data is public, all employees;

2) personal data processors in accordance with the services they provide and only to the extent necessary, e.g. auditors, financial management and legal consultants, database developer/technical maintainer, other persons involved in the provision of the controller’s services;

3) State and local authorities in cases provided for by law, e.g. law enforcement authorities, municipalities, tax authorities, bailiffs;

4. third parties, subject to a careful assessment of whether there is an appropriate legal basis for such transfers, such as debt collectors, courts, out-of-court dispute resolution bodies, bankruptcy or insolvency administrators, third parties maintaining registers (e.g. population register, debtors’ register, etc.), courts.

We are currently able to cooperate in processing the following categories of personal data:

1) Auditors, financial management and legal consultants;

2) IT infrastructure, database owner/developer/technical maintainer;

3) Fleet management system maintainer (GPS data);

4) Other persons involved in the provision of our services.

Personal data controllers may change from time to time and we will make changes to this document.

When assessing the duration of storage of personal data, we take into account the requirements of applicable laws and regulations, the performance of contractual obligations, your instructions (e.g. in the case of consent) as well as our legitimate interests. If your personal data is no longer necessary for the purposes specified, we will delete or destroy it.

We set out below the most common retention periods for personal data:

1. personal data necessary for the performance of an employment contract – we will keep until the contract is performed

and until other retention periods are met (see below);

2. personal data that we need to keep in order to comply with legal requirements, we will keep in the relevant

the time limits set out in the relevant laws and regulations, e.g. the Accounting Act provides that,

that supporting documents must be kept until the date on which they are necessary to establish the existence of each

the beginning of an economic transaction and to trace its progress, but not less than 5 years; whereas

in the case of supporting documents relating to wages charged to employees, 10 or

in certain cases, 75 years;

3. we will keep the data to prove compliance with our obligations for the general limitation period

in accordance with the limitation periods for claims laid down in laws and regulations – 10 years

Civil Code, 2 or 3 years (Labour Law) and in accordance with other time limits, taking into account also

the time limits for bringing actions under the Civil Procedure Law and the Labour Law.

If there are any changes to the personal data you have provided to us, such as a change in your personal identification number, contact address, telephone number or email address, please contact us and provide us with the updated data so that we can achieve the relevant purposes of processing your personal data.

Your right to access your personal data.

In accordance with the provisions of the General Data Protection Regulation, you have the right to access your personal data held by us, to request its rectification, erasure, restriction of processing, to object to the processing of your data, as well as the right to data portability. We respect this right to access and control your personal data, so if we receive your request, we will respond to it within the time limits set out in the legislation (usually no later than one month, unless there is a specific request that requires more time to prepare a response) and, if possible, we will correct or delete your personal data accordingly. You may obtain information about your personal data held by us or exercise your other rights as a data subject in any of the following ways:

1) by submitting an application in person and identifying yourself at our office: 372 Brīvības gatve, t/p ALFA, every day 10:00-22:00;

2) by submitting the relevant application by post to us at the following address: 2a-14 Aivavas Street, Riga, LV-1084;

3) by submitting an appropriate application by sending it to our e-mail address: admin@evelatus.lv, signed with a secure electronic signature.

Upon receipt of your submission, we will assess its content and the possibility of identifying you, depending on the relevant situation, we reserve the right to ask you to further identify yourself in order to ensure the security and disclosure of your data to the relevant person.

Withdrawal of consent.

If the processing of your personal data is based on your consent, you have the right to withdraw it at any time and we will no longer process your personal data that we processed on the basis of your consent for the relevant purpose. However, please be informed that the withdrawal of consent may not affect the processing of personal data which is necessary to comply with the requirements of laws and regulations or which is based on a contract, our legitimate interests or other grounds for lawful processing set out in laws and regulations. You may also object to the processing of your personal data if the processing is based on legitimate interests.

1) from you, by submitting an application and CV to us for a vacancy;

2) in the process of entering into a contract with each other, by obtaining the data from you;

3. if the contract is concluded with a third party who has identified you as a family member;

4) from you if you make any submissions, e-mails, calls to us;

5) in certain cases from third party databases, for example when assessing your creditworthiness,

we may obtain data from third parties for this purpose;

6) where appropriate, from CCTV footage and access control systems;

7) where applicable, from doctors as a result of medical examinations.