Privacy policy

 

PURPOSE AND SCOPE OF THE PRIVACY POLICY

The purpose of the Boldy Agency (hereinafter referred to as the "Controller") privacy policy (hereinafter referred to as the "Policy") is to inform the Controller’s clients, potential clients, employees, partners, and other individuals about the Controller's activities related to the processing and protection of personal data of natural persons that can be directly or indirectly identified (hereinafter referred to as the "Data Subject"). The Policy outlines what personal data of the Data Subject is processed, including its collection, transfer, correction, storage, deletion, and other relevant actions. It also describes the purposes of such data processing and the legal basis in accordance with the European Parliament and Council Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data and the free movement of such data, which repeals Directive 95/46/EC (hereinafter referred to as the "Regulation"). Additionally, it addresses the data retention periods and the rights of the Data Subject.

This Policy applies to the processing of personal data regardless of the form and/or medium in which the Data Subject provides or the Controller collects the personal data (for instance, in the Controller’s premises, website, in paper form, orally, electronically via email or phone, on the Controller’s social media profiles, etc.).

The Controller reserves the right to amend the Policy at its discretion. The Policy is available on the Controller’s website – www.boldyagency.com (hereinafter referred to as the "Website") – and applies from the date of its approval.

CATEGORIES OF PERSONAL DATA, CATEGORIES OF DATA SUBJECTS, PURPOSES OF PROCESSING, AND LEGAL BASIS

The Controller typically processes personal data of the following Data Subjects:

  • Employees;
  • Potential employees;
  • Clients (representatives);
  • Potential clients (representatives);
  • Business partners and their representatives.

The Controller processes personal data of natural persons lawfully, fairly, and in a transparent manner to the Data Subject in order to:

  • Provide services to clients;
  • Administer employment relationships;
  • Ensure and improve the quality of services provided by the Controller;
  • Detect and prevent criminal activities or administrative offenses within the Controller’s premises and/or territory;
  • Fulfill legal obligations applicable to the Controller;
  • Implement the Controller’s public relations and marketing activities;
  • Protect the legitimate interests of the Controller and the Data Subject.

The Controller's legitimate interests include:

  • Conducting and managing business activities;
  • Verifying the identity of the Data Subject before entering into a contract;
  • Receiving payments;
  • Improving service quality;
  • Analyzing demand;
  • Preventing criminal activities or administrative offenses on the Controller’s premises;
  • Protecting the rights and legal interests of the Controller and the Data Subject, and so forth.

The Controller generally processes the following categories of personal data:

  • Name;
  • Surname;
  • Personal identification number;
  • Address;
  • Phone number;
  • Email address;
  • Information about employee education;
  • Bank account number, debit/credit card number;
  • Taxpayer identification number;
  • Health data (mandatory health checks for staff);
  • Photograph, video recording.

The legal basis for the Controller's processing of personal data may include:

  • Article 6(1)(a) of the Regulation, which states that data processing is lawful if the Data Subject has given consent for the processing of their personal data for one or more specific purposes;
  • Article 6(1)(b) of the Regulation, which states that data processing is lawful if it is necessary for the performance of a contract to which the Data Subject is a party or to take steps at the request of the Data Subject prior to entering into a contract;
  • Article 6(1)(c) of the Regulation, which states that data processing is lawful if it is necessary to fulfill a legal obligation applicable to the Controller;
  • Article 6(1)(f) of the Regulation, which states that data processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject that require protection of personal data, especially if the Data Subject is a child;
  • Article 9(2)(h) of the Regulation, which states that processing of health data is lawful if it is necessary for the assessment of the employee's capacity to work, based on EU or Member State law, or pursuant to a contract with a health professional.

The Controller processes names, surnames, addresses, phone numbers, email addresses, bank account numbers, and taxpayer identification numbers for the purpose of providing services to clients and fulfilling legal obligations, based on Article 6(1)(b) and/or (c) of the Regulation.

The Controller processes names, surnames, and education data to evaluate the Data Subject’s suitability for an open position, based on Article 6(1)(a) of the Regulation.

The Controller processes names, surnames, and birthdates to congratulate employees on special occasions, based on Article 6(1)(a) of the Regulation.

The contact information of the Data Subject (name, phone number, email address) may be processed to communicate with or provide information to the Data Subject, solely in their interests and in connection with the services for which the Data Subject has applied, based on Article 6(1)(a) of the Regulation.

Photos and/or videos, names, and surnames are processed for the purposes of the Controller’s public relations and/or marketing, based on Article 6(1)(a) of the Regulation.

Employees' health data is processed for the purpose of evaluating their capacity to work, based on Article 9(2)(h) of the Regulation.

PERSONAL DATA RETENTION PERIOD

Personal data is retained in accordance with the regulations set by the Republic of Latvia, the consent of the Data Subject, the terms of the concluded contracts, or the legitimate interests of the Controller, as well as any other legal basis.

TRANSFER OF PERSONAL DATA OUTSIDE LATVIA

The processed personal data will not be transferred outside the EU and EEA, nor to any international organization, unless the Data Subject has given their consent.

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personal data, if there is a legal basis, may be disclosed to authorities, insurance companies, banks, social network operators, hosting service providers, data processors hired by the Controller, business partners, courier or postal service providers, software maintenance providers, and others.

SECURITY OF PERSONAL DATA PROCESSING

The Controller ensures that personal data is processed in a manner that ensures adequate protection of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by using appropriate technical or organizational measures.

ACCESS TO PERSONAL DATA BY THE DATA SUBJECT

The Data Subject has the right to receive confirmation from the Controller as to whether or not their personal data is being processed and, if so, to access the relevant data and receive the information specified in Article 15(1) of the Regulation.

The Data Subject has the right to request, based on their request, that the Controller correct any inaccurate personal data without undue delay. Considering the purposes of processing, the Data Subject has the right to ensure that incomplete data is completed, including by providing additional statements.

According to Article 17 of the Regulation, the Data Subject has the right to request the Controller to erase personal data without undue delay, if any of the conditions specified in that article apply.

The Data Subject has the right to request the restriction of processing if any of the conditions specified in Article 18 of the Regulation apply.

The Data Subject has the right to withdraw their consent to the processing of their personal data, if such consent has been given.

To facilitate and expedite the processing of the Data Subject’s requests, it is recommended that the Data Subject contact the Controller in writing (signed paper request or an electronically signed document), sending the relevant request to the Controller’s legal address or email address specified in Section 2 of the Policy.

The Data Subject also has the right to lodge a complaint with the Data State Inspectorate if the Data Subject believes that the Controller infringes on their rights and legal interests in the field of personal data protection. Complaints can be submitted by mail or email (with secure electronic signature documents sent to: info@dvi.gov.lv).

COOKIE POLICY

This policy (hereinafter referred to as "the document") describes the use of cookies by Boldy Agency (hereinafter referred to as "the Controller") on the website www.boldyagency.com (hereinafter referred to as "the site" or "website"), including the purposes for which cookies are used and users' rights to manage and choose cookie usage according to their needs.

What Are Cookies?

Cookies are small text files that a web browser (e.g., Internet Explorer, Mozilla Firefox, Safari, etc.) stores on the user's device (computer, mobile phone, tablet) when the user visits a website. Cookies help the website to remember individual user settings, recognize them, and respond accordingly to improve the website's user experience. Users can disable or restrict the use of cookies, but without cookies, it may not be possible to fully utilize all website functions. Depending on their functions and purposes, the Controller uses necessary, functional, analytical, and targeting (advertising) cookies.

Necessary Cookies

These cookies are essential for users to freely visit and browse the website and use its features, including obtaining information about and purchasing services. These cookies identify the user’s device but do not disclose the user's identity, and they do not collect or gather information. Without these cookies, the website cannot fully function, for example, by providing necessary information or service applications. These cookies are stored on the user's device until the web browser is closed.

Functional Cookies

Functional cookies allow the website to remember user-selected settings and choices, making it more convenient for the user to use the site. These cookies are stored on the user’s device permanently.

Analytical Cookies

Analytical cookies collect information about how users use the website, identifying the most frequently visited sections, including the content users choose while browsing the site. This information is used for analysis to understand what interests the website users and to improve the site’s functionality, making it more user-friendly. Analytical cookies identify only the user's device but do not disclose the user's identity. In some cases, certain analytical cookies may be managed by data processors (operators), such as Google Adwords, on behalf of the site owner and only for the specified purposes.

Targeting (Advertising) Cookies

Targeting (advertising) cookies are used to gather information about the websites users visit and to offer services from the Controller that are specifically of interest to the user or to address offers relevant to the user's demonstrated interest. Typically, these cookies are placed by third parties, such as Google Adwords, with the site owner’s permission and according to specified purposes. Targeting cookies are stored on the user’s device permanently.

Purposes for Using Cookies

The Controller may use cookies to enhance the website experience:

  • To ensure the website’s functionality;
  • To tailor the website’s functionality to the user’s habits, including language, search queries, and previously viewed content;
  • To obtain statistical data on page visitor flow – number of visitors, time spent on the page, etc.;
  • For user authentication;
  • If the user is a client of the Controller’s services, to display services tailored to the user's needs and offer other content and offers created or distributed by the Controller when visiting the site.

Duration of Cookie Storage

Unless otherwise specified, cookies are stored for as long as necessary to fulfill the purpose for which they were collected and are then deleted. Cookie information is not processed outside the European Union and EEA.

Cookie Consent and Disabling

When visiting the website, users will see a pop-up message indicating that cookies are used on the website. If users accept cookies by clicking "I Agree," the legal basis for cookie use is the user's consent, and they confirm that they have read and understood the information about cookies, their purposes, and cases where information may be shared with third parties. If the user enters into a contract using the site, cookie processing is necessary for the execution of the contract with the user or to fulfill legal obligations or legitimate interests of the Controller. Users can restrict and delete cookies through their web browser’s security settings. However, it should be noted that it is not possible to refuse the use of necessary and functional cookies, as the site’s and website’s full functionality cannot be ensured without them.

By using our services or interacting with our website, you acknowledge that you agree to this Privacy Policy. Before providing any personal information to us, it is important that you read and understand this privacy policy.

Contact Information

If you have any questions about the use of cookies, you can contact the Controller using the following contact details:

✉️ hello@boldyagency.com

📞 (+371) 22418978