Privacy Policy

Version 1.1
Effective from June 1, 2024

1. General Terms

1.1. SIA “CUBE Systems” respects the privacy rights of its employees, clients, partners, and other directly or indirectly associated individuals, as a result of which personal data protection requirements are an integral part of the business processes of SIA “CUBE Systems”.

1.2. The Privacy Policy provides transparent information on the purposes for which SIA “CUBE Systems” collects and processes personal data, the principles of such processing, and the rights of data subjects in protecting their personal data.

1.3. The processing of personal data is carried out in accordance with the applicable laws of the Republic of Latvia, as well as in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the Regulation.

1.4. The specific processing of personal data and how these data is used also depend on each individual case; therefore, not all information mentioned in this Privacy Policy will necessarily apply to you.

2. Data Controller and Contact Information

2.1. The data controller for the processing of personal data is SIA “CUBE Systems”, unified registration No. 40103311537, registered address: Mūkusalas iela 29B, LV-1004, email: [email protected].

2.2. For any questions or uncertainties regarding this Privacy Policy or the processing of personal data, please write to the email [email protected].

3. Legal Basis for the Processing of Personal Data

3.1. The personal data of data subjects are processed:

3.1.1. for the conclusion and performance of a contract with the data subject, including to conclude a contract based on the data subject’s application and to ensure its execution;

3.1.2. for the fulfilment of legal obligations, such as in the fields of taxation and accounting;

3.1.3. based on the consent provided by the data subject;

3.1.4. on the basis of legitimate interests pursued by SIA “CUBE Systems” or third parties.

3.2. The legitimate interests of SIA “CUBE Systems” include:

3.2.1. conducting commercial activities;

3.2.2. verifying the identity of the data subject before starting cooperation or concluding another type of contract;

3.2.3. retaining applications, submissions, emails, and other recorded information regarding the interest in cooperation, such as in a specific project;

3.2.4. ensuring the fulfillment of contractual obligations;

3.2.5. protecting legal interests in court, other state institutions, and while receiving legal assistance;

3.2.6. promoting its services and conducting other marketing activities, including sending commercial notifications;

3.2.7. organizing professional events and documenting them with photos and videos;

3.2.8. managing the company’s website and social media accounts;

3.2.9. creating and preserving records of projects developed by SIA “CUBE Systems,” their development progress, and historical events.

4. Scope of Personal Data

4.1. Categories of personal data processed by SIA “CUBE Systems”:

4.1.1. identity data and contact information:

4.1.1.1. name and surname;

4.1.1.2. personal identification number/date of birth;

4.1.1.3. declared residential address;

4.1.1.4. phone number and email address;

4.1.1.5. personal identification document data.

4.1.2. Data arising from the respective type of collaboration:

4.1.2.1. data from the concluded collaboration agreement;

4.1.2.2. data on contract performance.

4.1.2.3. documentation and correspondence within the framework of the respective project (such as project specifications, additional tasks, deadlines, and other communication related to contract performance).

4.1.3. Other data logically and reasonably derived from the respective project.

5. Processing, Protection, and Storage of Personal Data

5.1. The processing of personal data is carried out only for the initially specified purposes and within the initially defined scope.

5.2. The processing of personal data of data subjects is carried out using modern technological capabilities, taking into account existing privacy risks and reasonably available organizational, financial, and technical resources. Within the framework of all these measures, an appropriate level of information protection is ensured, which prevents unauthorized access to the personal data of the data subject.

5.3. Personal data is stored only for as long as necessary to achieve the purposes specified in this Privacy Policy, unless longer retention is required or permitted by applicable laws and regulations. The following criteria is used to determine the storage period for data:

5.3.1. for as long as there is a legal basis for data processing;

5.3.2. as long as the contract or collaboration agreement concluded with the data subject is in force, from which the processing of personal data arises;

5.3.3. as long as SIA “CUBE Systems” or the data subject can pursue their legitimate interests in accordance with the procedures established in external regulatory acts (such as handling requests, protecting rights, resolving issues, etc.);

5.3.4. as long as the data subject’s consent to the respective processing of personal data is valid;

5.3.5. for the preservation of the archive and historical evidence of projects created by SIA “CUBE Systems”.

5.4. The storage period for personal data is determined in accordance with the requirements of regulatory acts, for example:

5.4.1. to comply with the storage periods stipulated in regulatory acts governing accounting, typically ranging from five to ten years;

5.4.2. to ensure the protection of our fulfilled obligations and the retention of evidence in accordance with the statutory limitation periods: 10 years under the Civil Law; 3 years under the Commercial Law; 5 years under the Law on the Processing of Personal Data, and other relevant periods, taking into account also the deadlines set in the Civil Procedure Law for bringing claims.

5.5. In the processing of personal data, no profiling of data subjects or automated decision-making is carried out that would result in legal or other consequences for the data subject.

6. Recipients of Personal Data

6.1. Personal data of data subjects are not disclosed to third parties without legal basis, except for:

6.1.1. if the transfer of data to the respective third party is necessary for the performance of a specific contract;

6.1.2. to lawfully delegated state authorities, such as the State Social Insurance Agency, the State Revenue Service, the State Police, the Emergency Medical Service, etc.;

6.1.3. if the data subject has given consent to the processing of data and its further transfer;

6.1.4. in cases specified by regulatory enactments for the protection of the legitimate interests of SIA “CUBE Systems”;

6.1.5. if the transfer of data is necessary to safeguard the legitimate interests of SIA “CUBE Systems” or third parties.

6.2. Within the framework of a collaboration agreement or a specific project, for the purpose of performing certain functions, the personal data of the data subject may be transferred to other companies within the CUBE group.

6.3. Personal data of data subjects are not transferred or processed outside of the EU or EEA.

7. Rights and Obligations of Data Subjects

7.1. The data subject can provide consent for the processing of personal data either in person at the specific project location or electronically.

7.2. The data subject has the right to withdraw consent for data processing at any time, using the same method through which it was given.

7.3. The withdrawal of consent does not affect the processing of data carried out while the data subject’s consent was in force.

7.4. Revoking consent does not necessarily halt processing based on other legal grounds.

7.5. The data subject has the right to receive information as stipulated in regulatory enactments regarding their data processing, request data correction, or object to the processing of personal data.

7.6. The data subject can submit a request for the exercise of their rights in writing in person, presenting an identification document, or electronically via email, signing with a secure electronic signature.

7.7. When processing a data subject’s request regarding the exercise of their rights, SIA “CUBE Systems” verifies the identity of the data subject, evaluates the request, and fulfil it in accordance with regulatory enactments.

7.8. SIA “CUBE Systems” ensures compliance with data processing and protection requirements in accordance with regulatory enactments. In case of claims from the data subject, SIA “CUBE Systems” will take all necessary actions to resolve the claims, but if unsuccessful, the data subject has the right to address the supervisory authority – the Data State Inspectorate.

8. Closing Provisions

8.1. Requests and information inquiries from data subjects are processed free of charge. The processing of a request may be refused or a reasonable fee may be applied if the request is evidently unfounded or excessive, as well as in other cases specified by regulatory enactments.

8.2. The data subject has the obligation to familiarize themselves with this Privacy Policy and to inform any person associated with the data subject and whose interests may be affected by the data processing processes.

8.3. The Privacy Policy is freely accessible on the website of SIA “CUBE Systems” www.cubesystems.lv.