Privacy Policy
v. 3.0
29 NOVEMBER 2023
1. INTRODUCTION
Welcome to the Privacy Policy of SIA FYST Tech, registration No. 40203434698, legal address: Dzirnavu iela 42, Riga, LV-1010, Latvia (hereinafter also FYST, Company or we). This document outlines how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws. Your privacy is important to us, and we are committed to ensuring the confidentiality and security of your personal data.
This Privacy Policy is intended for individuals (hereinafter also – you) who interact with us in various capacities, including but not limited to clients, users of our website, individuals seeking our services, employee candidates, referrers, and other stakeholders.
We encourage you to read this Privacy Policy carefully to understand how we handle your personal information. If you have any questions or concerns regarding our data processing practices, please contact us using the details provided in Section 14.
2. CONTROLLER AND DPO
FYST is the controller of personal data, as referred to in this Privacy Policy. As the controller, we determine the purposes and means of processing your personal data. This means that we are responsible for deciding why and how your information is processed in the course of our business operations.
For matters related to the protection of your personal data and to facilitate communication regarding privacy concerns, FYST has appointed a Data Protection Officer (DPO). The DPO serves as a point of contact for individuals to address questions, requests, or concerns regarding the processing of personal information. If you wish to get in touch with our Data Protection Officer, you can reach them using the details provided in Section 14.
3. PRINCIPLES OF DATA PROCESSING
We adhere to the following principles when processing your personal data:
a. Lawfulness, Fairness, and Transparency: We process your personal data in accordance with applicable laws and regulations. Our processing activities are conducted transparently, and we strive to communicate clearly about how your data is used.
b. Purpose Limitation: Your personal data is collected for specified, explicit, and legitimate purposes. We do not process your information in a manner that is incompatible with these purposes.
c. Data Minimization: We only collect and process personal data that is necessary for the purposes for which it is being processed. We aim to keep the data we hold accurate and up-to-date, and we do not retain it for longer than is necessary.
d. Accuracy: We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, updated.
e. Storage Limitation: Your personal data is stored for no longer than is necessary for the purposes for which it was collected. We have defined retention periods for different types of data, and we regularly review and securely dispose of data that is no longer needed.
f. Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of your personal data. Your information is protected against unauthorized access, disclosure, alteration, and destruction.
g. Accountability: The Company is accountable for ensuring compliance with these principles. We have designated individuals responsible for data protection, and we conduct regular assessments of our data processing practices to uphold the highest standards of accountability.
4. CATEGORIES OF PROCESSED DATA PROCESSED
At FYST, we process various categories of personal data to fulfill the purposes outlined in this Privacy Policy. The types of personal data we may collect, and process include, but are not limited to:
a. Contact Information: for instance, email address, phone number, address.
b. Professional Information: for instance, job title, company name, professional qualifications, and industry expertise.
c. Identification Information: for example, name and surname, government-issued identification number, or other identification information.
d. Compliance Data: for example, information necessary for regulatory compliance, such as anti-money laundering (AML) checks, politically exposed person (PEP) checks, data related to compliance with legal and regulatory requirements, information related to sanctions and watchlists, and other compliance-related data.
e. Risk Management Data: for instance, information about business relationships and affiliations that may impact risk assessment, information used for fraud detection and prevention, etc.
f. Technical Information: for example, information about your device (e.g., IP address, browser type), information related to interactions with our website, other usage data, cookies and similar information.
g. Information Related to Employee Candidates and Referrals: for instance, resumes, employment history, educational background, and professional references.
h. Video Surveillance and Audio Call Recordings: namely, records of video surveillance at our office premises, and records of incoming and outgoing calls with the Company.
5. PURPOSES AND LEGAL BASIS FOR PROCESSING
We process your personal data for specific and legitimate purposes. Below, we outline the purposes for which we collect and process your information, along with the legal bases that justify these processing activities:
a. Provision of Services
Purpose: Entering into a contract, fulfilling our contractual obligations and providing you with the requested services.
Legal basis: performance of/entering into a contract.
b. Communication and Responding to Inquiries
Purpose: Communicating with you, responding to your inquiries, and providing updates on our services.
Legal basis: performance of/entering into a contract, legal obligation, legitimate interests.
c. Legal and Regulatory Compliance
Purpose: Complying with legal and regulatory requirements, including risk management and financial compliance.
Legal basis: legal obligation.
d. Contractual Compliance
Purpose: Meeting our obligations, performing agreed-upon actions, and avoiding actions that would violate the terms of a contract.
Legal basis: performance of/entering into a contract, legal obligation.
e. Advertising and Marketing
Purpose: Providing you with promotional materials and updates about our services.
Legal basis: consent, legitimate interests.
f. Improvement of Services and Business Operations
Purpose: Improving our services, business operations, and the overall user experience.
Legal basis: legitimate interests.
g. Legal Claims and Defense
Purpose: Establishment, exercise, or defense of legal claims in the event of a dispute.
Legal basis: legitimate interests.
h. Recruitment and Establishing Employment Relations
Purpose: recruiting employees directly or via referral programs, making employment decisions, entering into employment contracts with selected candidates.
Legal basis: performance of/entering into a contract, consent, legitimate interest.
6. SOURCES OF INFORMATION
At FYST, we collect personal data from various sources to fulfill the purposes outlined in this Privacy Policy. These sources of personal data may include:
a. Direct Collection: for instance, we collect data directly from you when you engage with our services, communicate with us, interact with our website, etc.
b. Indirect Collection: for instance, we may obtain information from third-party service providers, publicly available sources, employee referrals or other business partners.
7. RECIPIENTS OF SHARED DATA
We may share your personal data with certain recipients to fulfill the purposes outlined in this Privacy Policy. The categories of such recipients are as follows:
a. Service providers that assist in delivering our services.
b. Legal and regulatory authorities.
c. Business partners and affiliates.
d. Other recipients in line with your consent or under another legal basis.
8. INTERNATIONAL TRANSFERS
We primarily process personal data within the European Union and European Economic Area (EU/EEA). However, it still may be necessary for us to transfer your data to countries outside the EU/EEA to fulfill the purposes outlined in this Privacy Policy. We want to reassure you that when transferring your personal information outside the EU/EEA, we take appropriate measures to ensure the same level of protection as if the information were processed within the EU/EEA. Such measures may include, for example, the use of standard contractual clauses approved by the European Commission or other safeguards recognized by applicable data protection laws.
9. DATA SECURITY
Safeguarding your personal data is one of our top priorities. We have implemented a comprehensive set of technical and organizational measures to safeguard your data against unauthorized access, disclosure, alteration, and destruction. Furthermore, we continuously evaluate and update our security practices to align with industry standards and evolving technological advancements.
10. RETENTION PERIOD AND STORAGE
At FYST, we store your personal data for a duration necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws and regulations. The specific retention periods may vary depending on the nature of the data and the purposes for which it is processed. As a rule, your personal data is processed only for the purposes for which it was collected. We do not retain your information for longer than necessary to fulfill these purposes. However, we may retain your personal data for a longer period if required to comply with legal and regulatory obligations, such as record-keeping, reporting, or other statutory requirements. At the conclusion of the respective retention period, your personal data will be securely and responsibly managed. We are committed to ensuring the proper disposal of your information, either through secure deletion or anonymization.
11. YOUR RIGHTS
11.1. Under the GDPR, you have specific rights regarding the personal information we hold about you. These rights include:
a. Right to access personal data that we hold about you.
b. Right to correct incomplete or inaccurate information about you.
c. Right to delete your personal data.
d. Right to restrict or object to certain types of processing.
e. Right to personal data portability.
f. Right to withdraw consent for processing based on consent (please note that the withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal).
To exercise any of these rights or if you have any questions about your rights, please contact us using the details provided in Section 14.
11.2. It is important to note that these rights are not absolute and may be subject to limitations or exemptions as stipulated by applicable data protection laws.
11.3. Please also note that we may request additional information to verify the identity of the individual making the request under the data subject rights outlined in this Section.
12. COMPLAINTS AND DISPUTE RESOLUTION
If you have any concerns, complaints, or disputes related to the processing of your personal information, we encourage you to contact us first as we are committed to providing a positive experience regarding your privacy and data protection. We will take all necessary steps to address any concerns you may have in a fair and collaborative manner. However, you still retain the right to escalate the matter to the appropriate regulatory body – Latvian Data State Inspectorate (Datu valsts inspekcija).
13. CHANGES TO THIS PRIVACY POLICY
As data protection laws change and our services evolve, we may revise this Privacy Policy to align with these changes. Therefore, we encourage you to revisit this Privacy Policy from time to time to stay updated on our data processing practices. If we make significant updates to this Privacy Policy, we may provide a prominent notice on our website or send you a notification using contact details at our disposal, depending on the nature of the changes.
14. CONTACT US
If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at dpo@fyst.com