GDPR & Personal Data
1. TERMS AND ABBREVIATIONS
- Client (as a Data subject) – a natural person who has been using or has expressed willingness to use Services provided by the Company (Potential client).
- Company (as a Controller) – PRAGMA LLC, registered in the Commercial Register of the Republic of Latvia under registration No.40203136893, registered office: Babītes nov., Babītes pag., Brīvkalni, Dambju iela 2, LV-2107, correspondence address: Riga, Grecinieku street 30-702, LV-1050.
- Controller – a body (the Company) that determines the means and purpose of Personal data processing.
- Data subject – an identified or identifiable natural person (Client, Client’s representative, employee).
- DPO – Data Protection Officer.
- EEA – European Economic Area.
- EU – European Union.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Personal data – any information related to an identified or identifiable natural person (Data subject).
- Processing – any actions and operations performed on Personal data, such as collection, recording, storage, use, transfer, erasure etc.
- Services – any services offered to Clients and other natural persons and legal entities by the Company.
- AMLTPF - Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing of the Republic of Latvia.
The goal of this Policy is to inform Data subjects who use or are willing to use the Services on the Processing carried out by the Controller, i.e. the Company, and to ensure necessary data protection rules and mechanisms.
3. PERSONAL DATA CATEGORIES PROCESSED BY THE COMPANY
- The Company may collect and process information listed under the following Personal data categories for the purposes specified under Section 4:
- general identification data – name, surname, date of birth, personal identity number, gender, copy of the Client’s identity document (passport, identification card, driver’s license etc.), photographs, and other related data;
- contact details – residence address and correspondence address (if not the same), phone number, e-mail address and other related data (if necessary);
- financial data – bank account information, origin of funds and assets, income and its stability, transactional data and other related data;
- information on education and economic activity – level of education, place and area of employment, previous places of employment, economic/commercial activity, experience in investing and other related data;
- information on related persons – authorized persons or representatives, relatives, whether persons closely related to Clients may be classified as politically exposed persons (PEPs) in accordance with AMLTPF law, and other related data;
- information on use of services and their relation to Clients’ preferences and habits – information on services used, personal settings, IP address, preferred language, surveys, contests and campaigns in which Clients have participated;
- data related to criminal convictions and offences – data on the criminal record related to criminal offences of Clients, Potential clients, beneficial owners and representatives thereof;
- audio/video data – video surveillance cameras’ footage, phone conversation recordings.
- Please note that the list above is not exhaustive and upon necessity the Company may request, collect and process other Personal data required in accordance with relevant legal enactments.
4. LEGAL BASIS AND PURPOSES FOR PERSONAL DATA PROCESSING
- The Company processes Personal data if at least one of the following legal bases are applicable:
- The Processing is necessary to enter into and perform a contract with the Data subject;
- The Processing is necessary for the Company to comply with a legal obligation to which the Company is subject as a Controller;
- The Processing is necessary for legitimate interests pursued by the Company or by a third party;
- the Data subject has given clear consent for the Company to process their Personal data for one of the purposes indicated in section 4.2., and such consent shall be freely given and easy to withdraw.
- The Company processes Personal data for the following purposes:
- to provide Services;
- to send administrative information, including updates on policies and changes to agreement terms;
- to send information about Services, products, educational materials, upcoming events and other related information that may be useful to the Client in relation to received Services and for educational purposes;
- to assess and mitigate risks related to money laundering and terrorism and proliferation financing, as well as transaction-related risks;
- to comply with legal obligations and/or government authorities’ requests;
- in relation to legal claims related to the Company’s legitimate interests;
- to provide additional or supportive services.
5. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
- Clients’ Personal data is stored and processed by the Company.
- The Company reserves the right to disclose Clients’ Personal data to the following entities insofar as such data is necessary for the performance of their delegated functions and there is an adequate legal basis for a lawful disclosure of Personal data:
- to selected and designated third parties, that perform services on behalf of the Company under a written agreement, which ensures proper safeguards and limitations with regards to Processing. This may include companies providing IT, audit, identity verification, marketing, translation and/or due diligence services, data analysis, cloud service providers and others;
- to government, regulatory or other law enforcement agencies/authorities in cases specified by law and regulatory enactments.
6. TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
- Personal data may be transferred by the Company outside the EU or the EEA only when appropriate security measures have been taken and if at least one of the following applies:
- Personal data transfer is required under the laws and regulatory enactments being in force in the EU;
- Personal data transfer is necessary for the Company to enter into or perform an agreement with Clients for the provision of Services;
- In other cases, where the Client has given express consent to the Processing outside the EU or the EEA.
7. CLIENT’S RIGHTS
- Each Client has the following rights:
- the right to access their Personal data that is processed by the Company upon written request. However, if the Client’s request to access Personal data is excessive and/or repetitive, the Company may charge a reasonable fee based on administrative costs of preparing a copy of the Personal data undergoing Processing. If the aforementioned right to obtain a copy is restricted by the law due to the protection of rights and freedoms of other Clients, the Company may refuse to provide such information;
- the right to obtain rectification of inaccurate, incorrect or incomplete Personal data concerning themselves without undue delay from the Company;
- the right to request erasure (the right to be forgotten) of their Personal data undergoing processing in the Company. However, such request may not be fully satisfied if the processing of Personal data requested to be erased is necessary for execution of a contract or compliance with a legal obligation required by EU law or laws of the Republic of Latvia, e.g. AMLTPF. The Company will inform the Client if the complete erasure of the Client’s Personal data cannot be ensured, as well as explain the reasons for the decline and possible actions the Company will be able to take in each individual case;
- the right to restrict processing of their Personal data. Any such request shall be evaluated by the Company in order to determine whether such request contradicts other legal grounds of processing that the Company shall comply with;
- the right to data portability, i.e. Clients shall receive their Personal data in a structured, commonly used and machine-readable format and transmit it to another controller if the Processing is based on consent or on a contract and is carried out by automated means. Such requests shall not adversely affect rights and freedoms of other Clients of the Company;
- the right to withdraw consent for Processing for direct marketing purposes at any time;
- the right to be informed about automated individual decision-making, including profiling;
- the right to file a complaint to the personal data protection authority of the Republic of Latvia, i.e. the Data State Inspectorate of the Republic of Latvia, if the Client has any legal complaints that cannot be resolved during the negotiation process with the Company and its DPO through the contact details indicated in Section 11.
- All aforementioned rights shall be exercised in good faith and on a written request basis.
8. LEGAL WAIVER
The Client agrees not to hold the Company and its employees and affiliates liable for losses of any kind, including financial, suffered by the Client while using the Client’s Personal data, e.g. login details, by a third party (either communicated by the Client or obtained in an abusive/fraudulent manner from the Client). The Client shall be liable of any such Personal data disclosure to unauthorized third parties.
9. PERSONAL DATA RETENTION PERIOD
- The period of Personal data retention depends on the purpose of Processing specified by the Company, but it shall be stored no longer than reasonably required for such Processing.
- In determining the period of Personal data retention and Processing, the Company takes agreements with Clients and contractual obligations, the legitimate interest of the Company and relevant legal enactments into account.
11. CONTACT DETAILS
Should Clients have any questions or inquiries regarding the Policy, Clients may contact the Company by e-mail: firstname.lastname@example.org or by sending a letter to: Company’s Data Protection Officer, Riga, Grecinieku street 30-702, LV-1050, Latvia.
12. FINAL PROVISIONS
- The Policy is in force since the 26th of February 2021.
- The Company reserves the right to amend the Policy unilaterally at any time without prior notice to the Client. The Company shall use its website to inform the Client about any amendments to the Policy by posting the text of the Policy, whereas the Client undertakes to review the Company’s website regularly to check the Policy’s updates.