Data Controller and its contact details
- The data processor for the processing of personal data is an IQTC Management Ltd (hereinafter IQTC), registration No 40103812151, legal address in Riga, Liepājas Street 34, LV-1002.
- IQTC contact information on matters related to the processing of personal data is firstname.lastname@example.org. You may ask about the processing of personal data by contacting us via the provided contact information above or by attending the IQTC office in person. The request for the realisation of rights may be made under the paragraph 11.
Scope of application of the document
- Personal data means any information that can be used to directly or indirectly identify a specific individual.
- Individuals – customers and other users of IQTC services (including potential, former and existing), and third parties who in connection with the provision of services to individuals receive or transfer any information (including contacts, payers, etc.);
- Visitors of IQTC office and other premises, including those regarding of which video surveillance is conducted;
- Visitors and users of the website and mobile app owned and maintained by the IQTC, including those who has contacted company by the phone (hereinafter – Customers).
- IQTC takes care of the Customers’ privacy and the protection of personal data, respect the Customers’ rights to the lawfulness of the processing of personal data under the applicable law – Regulation 2016/679 of the European Parliament and the Council Of Europe Convention of 27 April 2016 for The Protection Of Individuals With Regard To Automatic Processing Of Personal Data and the free movement of such data (Regulation) and other applicable law of privacy and data processing.
- For specific types of data processing (e.g. processing of cookies, etc.), of circumstances and purposes may be established additional specific rules about which the Customer is informed at the time when he provides the relevant data to the IQTC.
The purposes of processing of personal data
- IQTC processes personal data for the following purposes:
- For the supply of services:
- identification of the Customer;
- the preparation, conclusion a contract and proof of the fact of entering a contract;
- the provision of services (for the fulfilment of contract obligations);
- the development of new services;
- the promotion, advertising and distribution of the use of the service;
- For the customer service:
- reviewing and processing of applications and objections;
- customer retention, loyalty building, satisfaction measurements;
- administration of payments;
- For business planning and analysis:
- statistics and business analysis;
- planning and accounting;
- efficiency measurement;
- ensuring the quality of the data;
- market and public opinion research;
- preparation of reports;
- conducting customer surveys;
- within the framework of risk management activities.
- To ensure the information, information system and company security.
- Provision of information to state administration institutions and subjects of operational activities in cases and to the extent prescribed by external regulatory enactments.
- For the supply of services:
- For other specific purpose, about which the Customer shall be informed at the time when he or she provides the relevant data to IQTC.
The legal basis for processing of personal data
- IQTC processes Customer personal data on the following legal bases:
- for the conclusion of contract and its fulfilment;
- to enforce legislation;
- under the Customer – data subject consent;
- in a legitimate interest;
- for ensuring the vital interests of the data subject or other individual
- The legitimate interests of IQTC are:
- to perform commercial activities;
- to provide training services;
- to verify the identity of the Customer prior to concluding the contract;
- to ensure compliance with the obligations of the contract;
- to prevent unjustified financial risks to own commercial activities (including a credit risk assessment prior to the sale of services and during the fulfilment of the contract);
- to save Customer applications regarding the provision of services, other applications, relevant notes, including those made in written or verbal form, over the telephone or on the home page;
- to conduct the negotiations about the provision, maintenance and payments of services to perform the quality control of customer service;
- to conduct the negotiations with the Customer to arrange the fulfilment of the contractual obligations of the service;
- to analyse the functionality of the IQTC homepage, the use of social media and other internet sites, and to implement improvements;
- to take relevant action to keep customers;
- to segment the customer database for more efficient provision of services;
- to develop and evolve services;
- to promote services;
- to prevent fraud;
- to ensure corporate management, financial and business accounting and analysis;
- to ensure efficient business management processes;
- to ensure the efficiency of the provision of services;
- to ensure and improve the quality of services;
- to administer payments;
- to administer undone payments;
- turn to State administrative and operational authorities and to the court protecting own legal interests;
- to inform the public about the activities.
The processing of personal data
- IQTC processes Customer data using modern technology capabilities, taking into account existing privacy risks and the reasonably available organisational, financial and technical resources.
- To ensure the quality and operational performance of the contractual obligations with the Customer, IQTC may allow its partners to carry out separate service activities. If, performing these tasks, the Partner processes the Customer personal data held by IQTC, then such Partner is considered as an IQTC data processing operator (processor) and IQTC may transfer to the Partner the Customer personal data on the extent, necessary for performing contractual obligations.
- IQTC partners (in the data processor status) will ensure that personal data processing and protection requirements are met under IQTC requirements and legislation and will not use personal data for other than the fulfilling of the obligations of the contract concluded with the Customer and IQTC.
Protection of personal data
- IQTC protects Customer data using modern technology capabilities, taking into account existing privacy risks and the reasonably available organisational, financial and technical resources.
Categories of recipients of personal data
- IQTC shall not disclose to third parties the Customer’s personal data or any information obtained during the provision of services and the duration of the contract, except for:
- if the relevant data must be transferred to the third party within the agreement to perform the functions stated in the contract or delegated by law (for example, to the bank within the framework of the payment or to provide a service, about which the Customer is informed in the agreement);
- under the clear and unambiguous consent of the Customer;
- to the persons specified in external regulatory enactments at their reasonable request, under the procedures and to the extent prescribed by external regulatory enactments;
- in cases specified in external regulatory enactments for the protection of the legitimate interests of IQTC, for example by appealing to a court or other State institutions against a person who has infringed these legitimate interests of IQTC.
Access to personal data by third-country entities
- In some cases, in compliance to regulatory requirements, developers or service providers in third countries (i.e. countries outside the European Union and the European Economic Area) (in the Regulation referred as “transfer to third countries”) has access to the IQTC personal data as a data controller (operator).
- In such cases, the IQTC shall ensure the procedures prescribed by regulatory enactments for ensuring the level of processing and protection of personal data equivalent to that prescribed by the Regulation.
The retention period of personal data
- IQTC keep and process the Customer’s personal data while at least one of the following criteria exists:
- only as long, as the contract with the Customer is in force;
- the data are necessary for the purpose for which they have been received;
- while, under the procedures specified in external regulatory enactments, IQTC or the Customer may carry out his or her legitimate interests (for example, to lodge objections or file a claim in the court);
- while one of the party has a legal obligation to keep the data (for example, under the Accounting Law, invoices issued by the company must be kept for 5 years, etc.);
- only as long, as the Customer’s consent to the relevant processing of personal data is in force, unless there is another legitimate basis for the processing of the data.
- After the circumstances referred to in this paragraph cease, the Customer’s personal data shall be deleted.
Access to personal data
- The Customer is entitled to receive the information specified in regulatory enactments related to the processing of his or her data.
- The Customer has the right under the regulatory enactments to request IQTC access to his or her personal data, and to require IQTC to replenish, rectify or delete them, or to restrict processing regarding the Customer, or to object to processing (including the processing of personal data made based on the legitimate interests of IQTC), and the right to data portability. These rights shall be exercised so far as the processing of data does not arise from the obligations of IQTC imposed on it by the regulatory enactments in force, and which are carried out in the public interest.
- The Customer may submit a request for the exercise of his or her rights:
- in written form at the office of the IQTC, presenting a personal identification document;
- by electronic mail, signed with a secure electronic signature.
- Upon receiving the Customer’s request for the exercise of their rights, IQTC shall verify the identity of the Customer, evaluate the request and execute it under the regulatory enactments.
- The IQTC’s reply shall be sent to the Customer by post to his contact address in a registered letter or other manner indicated by the Customer.
- IQTC shall ensure that data processing and protection requirements are fulfilled under regulatory enactments and, if of objections from the Customer, take an action to resolve the objection. However, if it fails, the Customer shall have the right to apply to the Supervisory Authority – the Data State Inspectorate.
Customer’s consent to data processing and right of withdrawal
- The Customer’s consent to the processing of personal data whose legal basis is consent, may be given in the IQTC application forms, by the phone call or in person at the IQTC office.
- The Customer has the right to revoke the consent given to the processing of personal data as it was given, in which case further processing based on the prior consent for the purpose will no longer be performed.
- The withdrawal of consent shall not affect the processing of data carried out at the time when the Customer’s consent was in effect.
- The withdrawal of consent shall not lead to the interruption of the processing of data carried out based on other legal bases.
Communication with the Customer
- IQTC communicate with the Customer using the contact details provided by the Customer (telephone number, e-mail address, postal address).
- Communication on the service obligation fulfilment IQTC conducts based on the contract concluded.
- The homepage or social accounts of IQTC may contain links to third-party homepages, which have their own usage and personal data protection rules for which IQTC does not bear responsibility.