29 NOVEMBER 2023
2. CONTROLLER AND DPO
For matters related to the protection of your personal data and to facilitate communication regarding privacy concerns, FYST has appointed a Data Protection Officer (DPO). The DPO serves as a point of contact for individuals to address questions, requests, or concerns regarding the processing of personal information. If you wish to get in touch with our Data Protection Officer, you can reach them using the details provided in Section 14.
3. PRINCIPLES OF DATA PROCESSING
We adhere to the following principles when processing your personal data:
a. Lawfulness, Fairness, and Transparency: We process your personal data in accordance with applicable laws and regulations. Our processing activities are conducted transparently, and we strive to communicate clearly about how your data is used.
b. Purpose Limitation: Your personal data is collected for specified, explicit, and legitimate purposes. We do not process your information in a manner that is incompatible with these purposes.
c. Data Minimization: We only collect and process personal data that is necessary for the purposes for which it is being processed. We aim to keep the data we hold accurate and up-to-date, and we do not retain it for longer than is necessary.
d. Accuracy: We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, updated.
e. Storage Limitation: Your personal data is stored for no longer than is necessary for the purposes for which it was collected. We have defined retention periods for different types of data, and we regularly review and securely dispose of data that is no longer needed.
f. Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of your personal data. Your information is protected against unauthorized access, disclosure, alteration, and destruction.
g. Accountability: The Company is accountable for ensuring compliance with these principles. We have designated individuals responsible for data protection, and we conduct regular assessments of our data processing practices to uphold the highest standards of accountability.
4. CATEGORIES OF PROCESSED DATA PROCESSED
a. Contact Information: for instance, email address, phone number, address.
b. Professional Information: for instance, job title, company name, professional qualifications, and industry expertise.
c. Identification Information: for example, name and surname, government-issued identification number, or other identification information.
d. Compliance Data: for example, information necessary for regulatory compliance, such as anti-money laundering (AML) checks, politically exposed person (PEP) checks, data related to compliance with legal and regulatory requirements, information related to sanctions and watchlists, and other compliance-related data.
e. Risk Management Data: for instance, information about business relationships and affiliations that may impact risk assessment, information used for fraud detection and prevention, etc.
f. Technical Information: for example, information about your device (e.g., IP address, browser type), information related to interactions with our website, other usage data, cookies and similar information.
g. Information Related to Employee Candidates and Referrals: for instance, resumes, employment history, educational background, and professional references.
h. Video Surveillance and Audio Call Recordings: namely, records of video surveillance at our office premises, and records of incoming and outgoing calls with the Company.
5. PURPOSES AND LEGAL BASIS FOR PROCESSING
We process your personal data for specific and legitimate purposes. Below, we outline the purposes for which we collect and process your information, along with the legal bases that justify these processing activities:
a. Provision of Services
Purpose: Entering into a contract, fulfilling our contractual obligations and providing you with the requested services.
Legal basis: performance of/entering into a contract.
b. Communication and Responding to Inquiries
Purpose: Communicating with you, responding to your inquiries, and providing updates on our services.
Legal basis: performance of/entering into a contract, legal obligation, legitimate interests.
c. Legal and Regulatory Compliance
Purpose: Complying with legal and regulatory requirements, including risk management and financial compliance.
Legal basis: legal obligation.
d. Contractual Compliance
Purpose: Meeting our obligations, performing agreed-upon actions, and avoiding actions that would violate the terms of a contract.
Legal basis: performance of/entering into a contract, legal obligation.
e. Advertising and Marketing
Purpose: Providing you with promotional materials and updates about our services.
Legal basis: consent, legitimate interests.
f. Improvement of Services and Business Operations
Purpose: Improving our services, business operations, and the overall user experience.
Legal basis: legitimate interests.
g. Legal Claims and Defense
Purpose: Establishment, exercise, or defense of legal claims in the event of a dispute.
Legal basis: legitimate interests.
h. Recruitment and Establishing Employment Relations
Purpose: recruiting employees directly or via referral programs, making employment decisions, entering into employment contracts with selected candidates.
Legal basis: performance of/entering into a contract, consent, legitimate interest.
6. SOURCES OF INFORMATION
a. Direct Collection: for instance, we collect data directly from you when you engage with our services, communicate with us, interact with our website, etc.
b. Indirect Collection: for instance, we may obtain information from third-party service providers, publicly available sources, employee referrals or other business partners.
7. RECIPIENTS OF SHARED DATA
a. Service providers that assist in delivering our services.
b. Legal and regulatory authorities.
c. Business partners and affiliates.
d. Other recipients in line with your consent or under another legal basis.
8. INTERNATIONAL TRANSFERS
9. DATA SECURITY
Safeguarding your personal data is one of our top priorities. We have implemented a comprehensive set of technical and organizational measures to safeguard your data against unauthorized access, disclosure, alteration, and destruction. Furthermore, we continuously evaluate and update our security practices to align with industry standards and evolving technological advancements.
10. RETENTION PERIOD AND STORAGE
11. YOUR RIGHTS
11.1. Under the GDPR, you have specific rights regarding the personal information we hold about you. These rights include:
a. Right to access personal data that we hold about you.
b. Right to correct incomplete or inaccurate information about you.
c. Right to delete your personal data.
d. Right to restrict or object to certain types of processing.
e. Right to personal data portability.
f. Right to withdraw consent for processing based on consent (please note that the withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal).
To exercise any of these rights or if you have any questions about your rights, please contact us using the details provided in Section 14.
11.2. It is important to note that these rights are not absolute and may be subject to limitations or exemptions as stipulated by applicable data protection laws.
11.3. Please also note that we may request additional information to verify the identity of the individual making the request under the data subject rights outlined in this Section.
12. COMPLAINTS AND DISPUTE RESOLUTION
If you have any concerns, complaints, or disputes related to the processing of your personal information, we encourage you to contact us first as we are committed to providing a positive experience regarding your privacy and data protection. We will take all necessary steps to address any concerns you may have in a fair and collaborative manner. However, you still retain the right to escalate the matter to the appropriate regulatory body – Latvian Data State Inspectorate (Datu valsts inspekcija).
14. CONTACT US