Privacy Policy

v. 3.0
29 NOVEMBER 2023



Welcome to the Privacy Policy of SIA FYST Tech, registration No. 40203434698, legal address:  Dzirnavu iela 42, Riga, LV-1010, Latvia (hereinafter also  FYST, Company or we). This document outlines how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws. Your privacy is important to us, and  we  are  committed  to  ensuring  the confidentiality  and  security  of  your personal data.

This Privacy Policy is intended for individuals (hereinafter also – you) who interact with us in various capacities, including but not limited to clients, users of our website, individuals seeking  our  services,  employee candidates,  referrers, and other stakeholders.

We encourage you to read this Privacy Policy carefully to understand how we handle your personal information. If you have any questions or concerns regarding our data processing practices, please contact us using the details provided in Section 14.


FYST is the controller of personal data, as referred to in this Privacy Policy. As the controller, we determine the purposes and means of processing your personal data.   This   means   that   we   are   responsible   for   deciding   why   and   how   your information is processed in the course of our business operations.  

For matters related to the protection of your personal data and to facilitate communication   regarding   privacy   concerns,   FYST   has   appointed   a   Data Protection Officer (DPO). The DPO serves as a point of contact for individuals to address questions, requests, or concerns regarding the processing of personal information. If you wish to get in touch with our Data Protection Officer, you can reach them using the details provided in Section 14.


We adhere to the following principles when processing your personal data: 

a. Lawfulness, Fairness, and Transparency: We process your personal data in accordance with applicable laws and regulations. Our processing activities are conducted transparently, and we strive to communicate clearly about how your data is used. 

b. Purpose Limitation: Your personal data is collected for specified, explicit, and legitimate purposes. We do not process your information in a manner that is incompatible with these purposes. 

c. Data Minimization:  We only collect and process personal data that is necessary for the purposes for which it is being processed. We aim to keep the data we hold accurate and up-to-date, and we do not retain it for longer than is necessary. 

d. Accuracy:  We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, updated. 

e. Storage Limitation:  Your personal data is stored for no longer than is necessary  for  the  purposes  for  which  it  was  collected.  We  have  defined retention periods for different types of data, and we regularly review and securely dispose of data that is no longer needed. 

f. Integrity and Confidentiality:  We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of your personal data. Your information is protected against unauthorized access, disclosure, alteration, and destruction. 

g. Accountability:  The Company is accountable for ensuring compliance with these principles. We have designated individuals responsible for data protection, and we conduct regular assessments of our data processing practices to uphold the highest standards of accountability.


At FYST, we process various categories of personal data to fulfill the purposes outlined in this Privacy Policy. The types of personal data we may collect, and process include, but are not limited to:

a. Contact Information: for instance, email address, phone number, address.

b. Professional Information: for instance, job title, company name, professional qualifications, and industry expertise.

c. Identification Information: for example, name and surname, government-issued identification number, or other identification information.

d. Compliance Data: for example, information necessary for regulatory compliance, such as anti-money laundering (AML) checks, politically exposed person (PEP) checks, data related to compliance with legal and regulatory requirements,   information   related   to   sanctions   and watchlists,   and   other compliance-related data.

e. Risk Management Data: for instance, information about business relationships and affiliations that may impact risk assessment, information used for fraud detection and prevention, etc.

f. Technical Information: for example, information about your device (e.g., IP address, browser type), information related to interactions with our website, other usage data, cookies and similar information.

g. Information Related to Employee Candidates and Referrals: for instance, resumes, employment history, educational background, and professional references.

h. Video Surveillance and Audio Call Recordings: namely, records of video surveillance at our office premises, and records of incoming and outgoing calls with the Company.


We process your personal data for specific and legitimate purposes. Below, we outline the purposes for which we collect and process your information, along with the legal bases that justify these processing activities:

a. Provision of Services
Purpose: Entering into a contract, fulfilling our contractual obligations and providing you with the requested services. 
Legal basis: performance of/entering into a contract.

b. Communication and Responding to Inquiries
Purpose: Communicating with you, responding to your inquiries, and providing updates on our services. 
Legal   basis:   performance   of/entering   into   a   contract,   legal   obligation, legitimate interests.

c. Legal and Regulatory Compliance
Purpose: Complying with legal and regulatory requirements, including risk management and financial compliance.
Legal basis: legal obligation.

d. Contractual Compliance
Purpose: Meeting our obligations, performing agreed-upon actions, and avoiding actions that would violate the terms of a contract.
Legal basis: performance of/entering into a contract, legal obligation.

e. Advertising and Marketing
Purpose: Providing you with promotional materials and updates about our services.
Legal basis: consent, legitimate interests.

f. Improvement of Services and Business Operations
Purpose: Improving our services, business operations, and the overall user experience.
Legal basis: legitimate interests.

g. Legal Claims and Defense
Purpose: Establishment, exercise, or defense of legal claims in the event of a dispute.
Legal basis: legitimate interests.

h. Recruitment and Establishing Employment Relations
Purpose: recruiting employees directly or via referral programs, making employment   decisions, entering into employment contracts with selected candidates.
Legal basis: performance of/entering into a contract, consent, legitimate interest.


At FYST, we collect personal data from various sources to fulfill the purposes outlined in this Privacy Policy. These sources of personal data may include:

a. Direct Collection: for instance, we collect data directly from you when you engage with our services, communicate with us, interact with our website, etc.

b. Indirect Collection: for instance, we may obtain information from third-party service providers, publicly available sources, employee referrals or other business partners.


We may share your personal data with certain recipients to fulfill the purposes outlined in this Privacy Policy. The categories of such recipients are as follows:

a. Service providers that assist in delivering our services.

b. Legal and regulatory authorities.

c. Business partners and affiliates.

d. Other recipients in line with your consent or under another legal basis.


We primarily process personal data within the European Union and European Economic Area (EU/EEA). However, it still may be necessary for us to transfer your data to countries outside the EU/EEA to fulfill the purposes outlined in this Privacy Policy. We want to reassure you that when transferring your personal information outside the EU/EEA, we take appropriate measures to ensure the same level of protection as if the information were processed within the EU/EEA. Such   measures   may   include,   for   example,   the   use   of   standard   contractual clauses approved by the European Commission or other safeguards recognized by applicable data protection laws.


Safeguarding your personal data is one of our top priorities. We have implemented a comprehensive set of technical and organizational measures to safeguard your data against unauthorized access, disclosure, alteration, and destruction.  Furthermore, we continuously evaluate and update our security practices to align with industry standards and evolving technological advancements.


At FYST, we store your personal data for a duration necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws and regulations. The specific retention periods may vary depending on the nature of the data and the purposes for which it is processed. As a rule, your personal data is processed only for the purposes for which it was collected. We do not retain your information for longer than necessary to fulfill these purposes. However, we may retain your personal data for a longer period if required to comply with legal and regulatory obligations, such as record-keeping, reporting, or other statutory requirements. At the conclusion of the respective retention period, your personal data will be securely and responsibly managed. We are committed to ensuring the proper disposal of your information, either through secure deletion or anonymization.


11.1. Under the GDPR, you have specific rights regarding the personal information we hold about you. These rights include: 

a. Right to access personal data that we hold about you. 
b. Right to correct incomplete or inaccurate information about you. 
c. Right to delete your personal data. 
d. Right to restrict or object to certain types of processing. 
e. Right to personal data portability. 
f. Right to withdraw consent for processing based on consent (please note that the withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal). 

To exercise any of these rights or if you have any questions about your rights, please contact us using the details provided in Section 14.

11.2. It is important to note that these rights are not absolute and may be subject to limitations or exemptions as stipulated by applicable data protection laws.

11.3. Please also note that we may request additional information to verify the identity of the individual making the request under the data subject rights outlined in this Section.


If you have any concerns, complaints, or disputes related to the processing of your personal information, we encourage you to contact us first as we are committed to providing a positive experience regarding your privacy and data protection. We will take all necessary steps to address any concerns you may have in a fair and collaborative manner. However, you still retain the right to escalate the matter to the appropriate regulatory body – Latvian Data State Inspectorate (Datu valsts inspekcija).


As data protection laws change and our services evolve, we may revise this Privacy Policy to align with these changes. Therefore, we encourage you to revisit this Privacy Policy from time to time to stay updated on our data processing practices. If we make significant updates to this Privacy Policy, we may provide a prominent notice on our website or send you a notification using contact details at our disposal, depending on the nature of the changes.


If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at