General Privacy Policy of the Single Website Platform
Your privacy and data protection is very important to the webmaster of the Single Website Platform. We assume that if you are reading this Policy in connection with the consent required of you in connection with the processing of your personal data, you have read this statement and agreed to the processing of your personal data before submitting your personal data.
Public administration is committed to openness and transparency, so by providing us with your personal data, we have described how personal data is processed on the Single Website Platform and for what purposes. Before processing personal data, we evaluate the lawfulness of the data processing activity. We process personal data on the basis of official authority and legal obligations applicable to it.
The purpose of the privacy policy of the Single Website Platform is to comply with the principles of personal data processing contained in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter - GDPR), to provide general information regarding the processing of personal data organised and performed by the State Chancellery.
The personal data controller of the Single Website Platform shall be the State Chancellery (SC). The personal data processors of the Website Platform shall be the institutions of the websites included on the platform, the maintainers of the platform - the State Regional Development Agency (SRDA), the hosts on technical resources - the Information Centre of the Ministry of the Interior (ICMI) and the technical service providers - Latvian State Radio and Television Centre (LSRTC).
Your personal data on the Single Website Platform shall be processed in accordance with the implementation of the legal interests of public administration institutions, for the fulfilment of obligations specified in the laws and regulations, fulfilment of contractual obligations, provision of public information, as well as other previously provided purposes.
The legal basis for the processing of personal data performed within the framework of the services managed by the Single Website Platform shall be determined by the following laws and regulations:
- Section 10 of the State Administration Structure Law
- Regulation of the Cabinet of Ministers of 4 July 2017 No. 399 “Procedures for Accounting and Provision of Quality Control of Public Administration Services”
- Regulation of the Cabinet of Ministers of 4 July 2017 No. 402 “Regulations on Public Administration E-Services”
- Regulation of the Cabinet of Ministers of 14 July 2020 "Procedures for Posting Information on the Internet by Institutions"
Employees of the parties involved in the operation of the Single Website Platform shall only process personal data for the performance of their official duties or on behalf of or under the instruction of the authorities, in compliance with the basic principles of personal data processing and confidentiality requirements set out in the institution’s internal documents.
An employee shall be prohibited to process personal data obtained within the framework of the performance of official duties for his or her own or other persons personal purposes. By processing personal data in the course of their official duties, processors of personal data shall, as far as possible, reduce the risk of personal data coming into the possession of unauthorised persons as a result of actions or omissions.
On the Single Website Platform, your personal data shall be processed in accordance with the requirements of confidentiality and taking care of the security of the data we hold. The processors of personal data on the Single Website Platform shall take various security measures to prevent unauthorised access to your data, disclosure of data or use of other inappropriate personal data. Proper data information processing, storage, data integrity shall be ensured with an appropriate level of security. Accordingly, we use proportionate and appropriate physical, technical and administrative procedures and means to protect the personal data we collect and process. The implemented security measures shall constantly be improved in accordance with the security requirements, subject to appropriate data protection safeguards and to the extent necessary for the purposes of the processing.
We carry out personal data protection with data encryption tools, firewall protection, as well as other data network security breach detection solutions. The data controllers of the Single Website Platform shall ensure the confidentiality of the data and take appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing, disclosure, accidental loss, distribution or destruction, subject to appropriate data protection safeguards and to the extent necessary for the Data processing purposes. Personal data security measures shall constantly be improved and refined in order not to lower the level of personal data protection.
Protection of personal data processing shall be performed:
- in the information technology infrastructure (servers, local computer networks and application software) for the personal data processed;
- for personal data transported in the data transmission network, if any;
- in the information systems used for the provision of work, which are administered by the institutions involved in the Single Website Platform;
- for electronic documents developed, registered and in circulation, containing personal data.
You may withdraw your consent (if requested from you and you have given it) to the collection, processing and use of your personal data at any time. The personal data controller of the Single Website Platform shall assess your claims based on his/her legal interests. If personal data are no longer needed for pre-defined processing purposes, it shall be deleted.
The administrator of the Single Website Platform shall be responsible and processes personal data by means that must prevent the misuse, unauthorised disclosure, alteration of personal data.
In order to improve the communication of public administration institutions, the personal data controller shall monitor the received personal data. This data in an aggregated form can be used to create overview reports that can be disseminated to the public administration in Latvia. Messages shall be anonymised and not contain any personal data.
The Single Website Platform shall contain access data of the registered and public users, usernames, information selection parameters, traffic information, and Internet Protocol (IP) access address information. Single Website Platform shall use cookies to provide information about visitor activity, pageviews, sources, and time spent on the site. We collect this information to improve the convenience and interests of website visitors to ensure that you receive the best possible service. The processing of personal data shall be carried out as little as possible, only to achieve the purpose of the processing.
We only store your personal data on websites for as long as it is necessary for the purposes for which it was collected. The processors of the personal data of the Single Website Platform who have access to this data are trained to handle it properly and in accordance with the regulatory data security framework.
Personal data shall be stored for as long as there is a legal obligation to store personal data. At the end of the data retention period, the data shall be securely deleted or depersonalised so that it can no longer be linked to the data subject.
Personal data held by the Single Website Platform shall be considered as restricted information and shall only be disclosed to third parties in the cases, in accordance with the procedure and to the extent specified in laws and regulations or concluded agreements. When transferring personal data to the contractual partners of the Single Website Platform (independent controllers), additional provisions regarding the processing of personal data shall be included in the agreements.
Links to other sites with different terms of use and personal data protection rules shall be included on websites.
The institutions involved in the implementation and cooperation of the website platform shall cooperate with each other on the basis of the adopted regulations. If you have any questions or complaints regarding the processing and protection of personal data, report it to the State Chancellery by writing to the e-mail vk@mk.gov.lv, where the information submitted by you will be registered and evaluated, or contact the responsible person for data processing appointed by the State Chancellery. The responsible personal data controller shall be Aldis Apsītis (e-mail address: aldis.apsitis@mk.gov.) Data subjects may submit complaints regarding the use of personal data to the Data State Inspectorate (www.dvi.gov.lv), if the subject considers that the processing of his or her personal data violates his or her rights and freedoms in accordance with the applicable laws and regulations.