We are committed to protecting the privacy and confidentiality of your personal information. In this Privacy Policy, we outline what information we may collect about you, how we will use it, and provide information about your rights and how you can contact us. This privacy policy sets out and defines our privacy policy.
We assume that you have read this Privacy Policy and have accepted its terms before using our website or becoming a customer or affiliate.
As we continually evolve, improve, and diversify our services, we sometimes need to change our privacy policy. Any changes to our privacy policy will be posted on our website.
We also ask you to take into account that additional conditions and information about the processing of personal data may also be included in the cooperation, employment, or any other mutually concluded agreement concluded between you and the Latvian Institute of Organic Synthesis.
DEFINITIONS
GDPR/VDAR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Regulation on the protection of individuals);
Personal Data Any information relating to an identified or identifiable person whose data is processed by this Privacy Policy, the GDPR and any applicable law.
PROCESSING Any activity or set of activities performed with personal data (collection, registration, storage, viewing, use, disclosure, deletion, etc.).
CONTROLLER Your data controller is the Latvian Institute of Organic Synthesis (including its structural units, subsidiary companies, or foundations. Example: The Fund of the Latvian Institute of Organic Synthesis), to which you have submitted your personal data or which has obtained your data, and which alone or together with other legal or natural persons determines the purposes and means of processing your data.
PROCESSOR is a natural or legal person, public authority, agency or other entity that processes your personal data on behalf of LIOS.
LIOS Derived public person Latvian Institute of Organic Synthesis (hereinafter – LIOS, we, our, us).
THIRD PART Is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons authorized to process personal data under the direct authority of the LIOS or the processor.
DATA CONTROLLER
Derived public person Latvian Institute of Organic Synthesis. The Latvian Institute of Organic Synthesis is a state scientific institute that conducts research in pharmacology, organic chemistry, molecular biology and bioorganic chemistry. Our institute is characterized by an innovative combination of the achievements of academic research in organic chemistry and pharmacology with competence in solving applied research tasks in medicinal chemistry, in order to make a significant contribution to the development of science and the improvement of the quality of life in society.
IN WHAT CASES DOES THIS PRIVACY POLICY APPLY?
This privacy policy applies if you use, have used or have expressed an intention or interest in using LIOS services, cooperating (performing work) with us, attending our institution and events we organize. This also applies if you are indirectly involved in a service or cooperation agreement. This also applies if our relationship was established before the entry into force of this Privacy Policy and if you have provided and/or LIOS has obtained your personal information.
WHAT PERSONAL DATA DO WE PROCESS AND WHY?
We process your personal data under GDPR rules, legal requirements and this Privacy Policy, and only for the legitimate purposes defined below, including:
- To ensure the security, prevention of property damage, and other essential legitimate interests of us, you, or third parties:
We conduct video surveillance of our facility and territory and process your personal data for the security of your personal and the security and property of our employees, customers. Video surveillance is carried out under strict security and privacy rules, using modern technology and equipment. When visiting the institution, you may be asked to register in the visitors’ log and prove your identity, the purpose or the reason for the visit.
Categories of personal data (example) | Legal basis |
Biometric data (face image), location and time, name, surname, signature, identity check. | Our legitimate interest and the protection of vital interests, including health and life. |
- For the conclusion of the contract and performance of the contract:
To conclude a contract and fulfil what has been agreed, we will most likely need information about the representatives of our customers/partners. If the contract is concluded with natural persons, then we will need to identify you, receive the contact and declared residence addresses, the bank account number to which payment is to be made, if such is provided for in the relevant contract.
Categories of personal data (example) | Legal basis |
Name, surname, contact information, personal identification code, declared and actual address of residence, bank account number, certificate number for the performer of economic activity, etc. | Contractual relationship (for the conclusion and performance of the contract) and our legitimate interest. |
- Promoting cooperation and improving performance:
To inform our customers/partners about changes in our operations, improvements, etc., we need full communication with the customer/partner, so we may need information about the contact person of the customer or partner.
Categories of personal data (example) | Legal basis |
Name, surname, phone number, e-mail address. | Our legitimate interest. |
- Criminal record check
In the cases specified in the Public Procurement Law, when conducting public procurements, we are obliged to check whether the relevant tenderer, a member of its board or council, a legal entity or a procurator is represented, or a person authorized to represent a candidate or tenderer in activities related to a branch have an injunction or a court judgment that has entered into force and has become uncontested and unappealable has not been found guilty or has not been subject to coercive measures for any of the criminal offenses referred to in the Public Procurement Law.
Categories of personal data (example) | Legal basis |
Name, surname, the fact of finding criminal offenses | legal obligation (required by law) |
- For the selection of tenderers in public procurement
To evaluate the tenderers and we entrust the order to the tenderer who attracts qualified and necessary specialists, information on the contact person is collected when organizing public procurements, as well as in certain procurement procedures information on the specialist (natural person) to be involved in the service or construction is required. The Public Procurement Law and other legislation also oblige public authorities to be as efficient as possible and to choose the best and most appropriate tender. The contact person is required for communication within the procurement procedure and for sending separate notices. We also process your personal data as the data of a potential partner/employee/representative/signatory, to form a partnership (for example, when receiving offers in our competitions).
Categories of personal data (example) | Legal basis |
Name, Surname, previous experience, education, professional qualifications, and other similar information | Our legitimate interest and legal obligation (required by law) |
- Incoming-outgoing correspondence
To organize the records of the institution, we register both your incoming and outgoing letters. the law also obliges us to provide you with answers, if you have requested one. If the addressee is a natural person, then personal data will be stored in our record keeping system.
Categories of personal data (example) | Legal basis |
Name, surname, address. | Our legitimate interest and legal obligation (required by law) |
- For publicity and preservation of historical heritage
For the purpose of publicity and preservation of historical heritage, we may process and publicize pictures, videos and similar materials from our public and work events.
Categories of personal data (example) | Legal basis |
A picture of a person in photographs and videos | Our legitimate interest |
- Recruitment or internship
We may process your personal data to administer the recruitment process, assess your application and career, previous work experience and education, your suitability for the job, and contact you.
When you apply, you can choose which personal data you want to provide and to what extent. In some cases, we may request additional information or prepare a standard form to fill in. You are responsible for the validity and veracity of the information provided. When evaluating the application, we will process the personal data contained in the CV and the application letter. If you have provided information that is not required for the selection process, we will disregard that information. Please note that you will not be able to participate in the selection process if you choose not to provide your personal information, which we do need to assess your eligibility.
Categories of personal data (example) | Legal basis |
Name, Surname, contact information, address, previous work experience, education, courses, certificates, etc. | Your consent (by submitting a CV and applying for the announced vacancy). Our legitimate interest |
- For donations to the Organic Synthesis Institute Fund
When making a donation, within the donation process, your personal data (e.g., name, surname, bank account) become available to us. Payment processing is provided by the payment platform makecommerce.lv, so we transfer the necessary personal data for payment execution to the platform owner – licensed payment institution Maksekeskus AS. If the Organic Synthesis Institute decides to publish a list of major donors on its website, you will have the right to choose whether your name, surname, and donation amount are published. If you do not provide such consent, the designation “Anonymous donor” will be made.
Categories of personal data (example) | Legal basis |
Name, Surname, personal identification code, bank account number. | Your consent, our legitimate interest, for scientific purposes |
We retain your data related to donations for as long as necessary for accounting purposes in accordance with regulatory requirements. Personal data that you agree to publish on the Fund’s website will be processed for an unlimited period. You have the right to withdraw your consent for the publication of your personal data at any time.
- Participation in our organized conferences and seminars
When filling out the application form, we will process personal data such as your name, surname, contact phone number, and email address for communication purposes. If the event requires a participation fee, we will also collect your bank account number.
In certain conferences or seminars, the purpose of processing personal data may also be to ensure LIOS event publicity (reflecting events on the LIOS website, social networks, and other communication channels, using photos, audio, and video materials). In such cases, informational signs will be placed at the event entrance indicating that photos and videos are being taken during the event or video streaming is occurring.
One of the purposes of processing personal data may also be to inform about future conferences organized by LIOS, in cases where the registration form includes a section for consent to receive information about other LIOS-organized seminars and conferences, and you have given your consent to receive such information.
Categories of personal data (example) | Legal basis |
Name, surname, personal identification code, email address, phone number, bank account number | Contractual relationships, consent, legitimate interests |
- Cookies
We use cookies to gather information about how you use our website. Cookies enable us to ensure and enhance the technical functionality of the website. The information obtained does not contain data that would allow us to identify you as an individual person.
- For the fulfilment of the requirements specified in other regulatory enactments
In our operations, we must also comply with the requirements set out in the laws and regulations governing accounting, the law on archives and other laws and regulations. The legal basis for the processing of personal data in these cases will be the fulfilment of a legal obligation.
FROM WHAT SOURCES CAN WE OBTAIN PERSONAL DATA?
We mainly collect personal data from the person to whom the data relate, whether in the process of concluding a mutual agreement or otherwise cooperating, including in cases where you submit an application, e-mail, etc., to us.
- From video surveillance recordings when you visit our facility or territory
- If the contract is with a third part and it has identified, you as a contact person or person associated with the object or has submitted documents in which your personal data is reflected. In cases where we are provided with information about you in this way, we request that you be informed of the LIOS
- From our data controllers who collect your personal data with your consent and on the basis of another legal basis, such as for research purposes.
WHEN DO WE TRANSFER PERSONAL DATA?
We process data following applicable laws, treaties and GDPR and ensure that personal data may only be accessed by persons who have a legal basis for such access.
Personal data may be transferred:
- To our employees or directly authorized persons who need it for the performance of their duties;
- Personal data controllers according to the services they provide and only to the extent necessary (For example, technical maintenance of databases, record keeping and IT system, financial management consultants, auditors, security service provider, maintenance of video surveillance and cameras, technical cooperation partners (photo/video) and other persons involved in the provision of services to us).
- State and local government institutions in cases specified by law (for example, law enforcement agencies, sworn bailiffs, local governments, tax administrations, courts, supervisory authorities, EU structural funds supervisory authorities).
- Third parties, after carefully assessing whether there are appropriate grounds for such a transfer of personal data, such as debt recovery service providers, courts, out-of-court redress bodies, insolvency administrators, third parties maintaining registers (for example, debtors’ registries, credit bureaux, etc.).
TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA (EU/EEA)
We only process personal data within the EU/EEA. The transfer and processing of personal data outside the EU/EEA may take place if there are legal grounds for doing so, for example, to fulfil a legal obligation, enter into or perform a contract, our legitimate interests or with your consent. The transfer and processing of personal data outside the EU/EEA can only take place if appropriate security measures are in place.
STORAGE PERIODS
Personal data shall be kept for as long as is necessary for the purposes for which the personal data are processed and following the requirements of the applicable law. When evaluating the retention period of personal data, we comply with the requirements of binding law, aspects of contractual performance, your instructions, and our legitimate interests.
We keep personal data for as short a period as possible. If your personal data is no longer needed for certain purposes, we will securely delete or destroy them.
Some of the most common general retention periods for personal data are:
- Procurement. Your personal data as a tenderer or a natural person included in the tender of a tenderer-legal entity shall be stored for 10 years after the expiry of the contract.
- Recruitment or practice. Your personal data is stored in paper and digital format. The data retention period shall not exceed 3 months after the relevant vacancy has been closed or the follow-up period for the project for which the vacancy has been established has ended. Employees’ personal data is stored for 75 years.
- Publicity. We will store your name, phone number or email address until the end of the event. We will keep your picture (photo or video) of the event/activity for 10 years from the date of the event.
- Invoices. Your personal data is stored for 10 years after the invoice is issued/received.
- Performance of contractual obligations. Personal data is stored until the contract is performed, and there is no other legal basis to store the data after the end of the contractual obligations.
- We will retain personal data that must be retained to comply with legal requirements following the provisions of applicable law, for example, the Accounting Act requires that supporting documents be retained until the date necessary to identify and track the start of each business transaction, but not less than 5 years.
- To ensure that your data is restored, we will keep your personal data backed up until a minimum newer backup is created so that previous backups can be deleted.
- To prove the fulfilment of our obligations, we will store personal data under the statute of limitations specified in regulatory enactments – 10 years in civil law, 3 years in commercial law and others, also taking into account the terms for bringing claims specified in civil procedure law.
- We will store the data obtained as a result of video surveillance for 1 calendar month to detect possible criminal offenses, if any. Video surveillance recordings may be kept longer if they are needed as evidence in a legal proceeding.
The retention periods for personal data may differ from the general retention periods if they have a legitimate purpose, for example, personal data may be retained for longer than specified during the proceedings or in the event of possible action.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
To protect your personal information from unauthorized access, unauthorized processing, accidental loss, disclosure or destruction, we provide and regularly review and improve our personal data protection measures. To do this, we use state-of-the-art technology, technical and organizational requirements, such as selecting and configuring appropriate computer systems and restricting access to such systems, files and objects.
However, we recommend that you comply with the general security rules for the use of computer systems and the Internet, as well as the requirements for the protection and storage of your personal data (especially your identity documents). We will not be liable for unauthorized access to your personal data and/or loss of personal data due to your fault or negligence.
WHAT ARE YOUR RIGHTS TO THE PROCESSING OF YOUR PERSONAL DATA?
We want to ensure that the processing of your personal data is fair and transparent and that your legal rights are respected, so you have the right to:
- Access your data – you have the right to obtain information from us about whether we process your personal data and, if we are, to access your personal data.
- Correct your data – you have the right to request that we correct incorrect personal data. If there is a change in the personal data you have provided to us, such as a change in the personal identification code, contact address, change of telephone number or e-mail, etc. we ask you to contact us and provide us with up-to-date data so that we can achieve the relevant purposes of processing personal data.
- Delete your data – in certain circumstances, you may have the right to delete your personal data. this right shall not apply if the processing is necessary for the exercise of freedom of expression and information to comply with legal requirements or to institute, enforce or defend in law.
- In certain cases, to receive or send your personal data to another company (this right is called the right to transfer data). This right applies when the processing of personal data is based on your consent or contract, as well as when the processing is automated.
- Withdraw consent – to the extent that we process your personal data on the basis of your consent, you have the right to withdraw your consent to the processing of personal data at any time.
- Restrict the processing of your data – in certain cases, you have the right to restrict the processing of your personal data.
- Object to the processing of your personal data – you have the right to object to the processing of your personal data by us. This applies in cases where the processing of personal data is based on our or a third part’s legitimate interests.
To exercise this right, please submit a written request to us or the Data Protection Officer (contact information is provided at the end of this Privacy Policy).
In case you believe that we do not process personal data in accordance with applicable law, you have the right to apply to the State Data Inspectorate (http://www.dvi.gov.lv).
RULES FOR DATA CONTROLLERS AND COOPERATION PARTNERS
If you are one of our processors or business partners who have access to personal data in accordance with a mutually agreed agreement or assignment, then you must comply with the rules on the processing of personal data. These terms and conditions also apply after the termination of the contract or assignment.
In addition to the terms of the agreement and the GDPR regarding the processing and confidentiality of personal data, any of our processors and business partners who receive or have received personal data from us must comply with the following:
- The processing of personal data may only take place following the subject matter of the contract/task, within the limits of the powers and to the extent necessary for the performance of that task.
- Any processing not expressly permitted in the contract/work order is prohibited.
- The purpose of the processing carried out by the processor on behalf of the controller is to fulfil the relevant contract under which the contractor operates.
- The processor/partner may process personal data only on behalf of the controller and in accordance with the instructions.
- Personal data are not transferred to third parties or transferred outside the EU without a legal basis.
- If the controller requests information on security measures, documentation or other information related to how the processor processes personal data, the response shall be provided no later than within 5 working days from the receipt of the request unless it is objectively impossible to submit the information within such time limit.
- The processor shall immediately, but not longer than within 1 working day, notify the controller of the processing violations unless it is objectively impossible to submit the information within such period.
- The processor undertakes to ensure a high level of security for its products and services. The processor shall ensure a level of security using organizational, technical and physical security measures following the requirements for information security measures set out in Article 32 of the GDPR.
CHANGES TO OUR PRIVACY POLICY
We regularly review our privacy policy. This privacy policy was updated on March 15, 2024.
CONTACT INFORMATION
If you have any questions about the processing of your personal data or this privacy policy, please contact us.
APP Latvian Institute of Organic Synthesis
Aizkraukles iela 21,
Rīga, LV – 1006, Latvija
Data protection specialist:
E-pasts: Oskars@datudrosiba.com