Privacy Policy

 

I. General Provisions

1. The purpose of the SIA “UAVFACTORY” (hereinafter – the Controller) privacy policy (hereinafter – the Privacy Policy) is to provide you with information on the purposes for which the Controller obtains personal data, on data volumes and data processing deadlines, on data protection, as well as to inform you about your rights and obligations. 

2. The Controller takes care of your privacy and personal data protection and observes your right to the lawfulness of personal data processing. When processing personal data, the Controller complies with the regulatory enactments in force in the Republic of Latvia, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation), as well as other regulatory enactments regarding privacy and personal data processing.

3. The Privacy Policy applies to the processing of data, regardless of the form and/or environment, in which you provide personal data (paper format, electronically or by phone) and regardless of in which Controller’s system or paper format it is processed.

 

II. Identity of the Controller and its contact details

4. The Controller of personal data processing regarding the seminar/event attendees; customers; website visitors, as well as candidates for vacancies who have submitted an application is SIA “UAVFACTORY”, Reg. No. 40103258664, address: “Jaunbrīdagi 1”, Mārupe District, LV-2167; phone: +371 25378122; e-mail address: info@uavfactory.com; website address: www.uavfactory.com (hereinafter – the Controller).

5. You can contact the Controller regarding issues of personal data protection by writing to the e-mail address info@uavfactory.com, postal address “Jaunbrīdagi 1”, Mārupe District, LV-2167, or by calling +371 25378122. 

 

III. Categories of data subjects

6. The Privacy Policy is applied for the provision of privacy and personal data protection regarding the following groups (hereinafter – the Customers):

6.1. natural persons – candidates (applicants) for positions;

6.2. visitors of the Controller;

6.3. Controller’s customers (including business partners, suppliers of services and goods, etc., including potential, former and present);

6.4. Visitors to the websites maintained by the Controller.

 

IV. Purposes of personal data processing

7. The Controller processes personal data for the following reasons:

7.1. Sales of products and provision of services: 

7.1.1.to identify the representative of the Customer (legal entity);

7.1.2.to organise and to provide procurement (offer);

7.1.3.to prepare and to sign agreements;

7.1.4.to deliver products and services (fulfilment of contractual obligations);

7.1.5.to develop new products and services;

7.1.6.to review objections or claims;

7.1.7.for the administration of settlements;

7.1.8.for debt recovery;

7.1.9.to maintain websites and to improve their operation.

7.2. Business planning and analytics;

7.3. Customer safety, protection of company property;

7.4. To provide the organisation of the recruitment process and to safeguard its legal interests as far as it is related to the recruitment process:

7.4.1. to assess the candidate’s compliance with the requirements set by the Controller for the specified vacancy;

7.4.2. to sign an agreement with the candidate, who meets the requirements of the Controller;

7.4.3. to raise, to enforce and to defend the lawful claims of the Controller.

7.5. For the legitimate purposes of the Controller:

7.5.1.to conduct its business;

7.5.2.to verify the identity of the Customer (representative of the legal entity or authorised person, natural person) before concluding the transaction;

7.5.3.to ensure the fulfilment of contractual obligations;

7.5.4.to save the Customer’s applications and submissions regarding the concluded transaction;

7.5.5.to design and to develop the product; 

7.5.6.to send other reports on the progress of the performance of the agreement and events relevant to the performance of the agreement, as well as to conduct Customer surveys on the previously purchased goods and received services;

7.5.7.to prevent fraudulent activities against the Controller;

7.5.8.to provide corporate governance, financial and business accounting and analytics;

7.5.9.to provide efficient management processes of the Controller’s company;

7.5.10.to ensure and to improve the quality of products and services;

7.5.11.to administer payments;

7.5.12.to perform video surveillance for business security;

7.5.13.to perform video surveillance test flights for product development;

7.5.14.to organise and to provide training for unmanned aircraft operators and maintenance personnel;

7.5.15.to inform the general public of its activities.

8. The Controller may process personal data of the candidates for recruitment purposes for a specific vacancy, for which the candidate is applying or for future-orientated recruitment, if the candidate has given his/her prior consent.

 

V. Legal grounds for personal data processing

9. Legal grounds for the processing of personal data implemented by the Controller for the following purposes of personal data processing:

9.1. Product sale:

Regulation Article 6 (1) 

Sub-Clause (b) (processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract), 

Sub-Clause (c) (processing is necessary for compliance with a legal obligation to which the controller is subject) and 

Sub-Clause (f) (processing is necessary for the purposes of the legitimate interests pursued by the controller).

9.2. Business planning and analytics: 

Regulation Article 6 (1) Sub-Clause (f) (processing is necessary for the purposes of the legitimate interests pursued by the controller).

9.3. Customer safety, protection of company property: 

Regulation Article 6 (1) Sub-Clause (f) (processing is necessary for the purposes of the legitimate interests pursued by the controller).

9.4. For the provision of the recruitment process: 

Regulation Article 6 (1): 

Sub-Clause (1) (the data subject has given consent to the processing of his or her personal data for one or more specific purposes), 

Sub-Clause (c) (processing is necessary for compliance with a legal obligation to which the controller is subject) and 

Sub-Clause (f) (processing is necessary for the purposes of the legitimate interests pursued by the controller); 

Clauses 33, 35 and 38 of the Labour Law

9.5 Legitimate interests of the company: 

Regulation Article 6 (1) Sub-Clause (f) (processing is necessary for the purposes of the legitimate interests pursued by the controller).

 

VI. Processing, protection and storing of personal data

10. The Controller processes Customer data using the capabilities of modern technologies, taking into account the existing privacy risks and the organisational, financial and technical resources that are available to the Controller.

11. The Controller does not perform automated decision-making; data processing involves human participation in the process of adopting decisions about data processing.

The Controller protects the Customer’s data using modern technologies, taking into account the existing privacy risks and the reasonably available organisational, financial and technical resources of the Controller, including security measures such as firewalls and intrusion protection and detection programs. 

12.1.Firewall.

12.2.Intrusion protection and detection programs.

12.3.Control of access rights to information.

12.4.Physical access control.

12.5.Other protection measures in accordance with the current possibilities of technical development.

13. The Controller may authorise cooperation partners to carry out certain personnel-related activities, such as authorising their cooperation partners to carry out certain recruitment activities to ensure an efficient recruitment process, such as publishing of job advertisements and processing of the CVs received from the candidates, etc. When the cooperation partners process the personal data of the candidate for the performance of these activities, the respective cooperation partners shall be considered as the Controllers of the data processing of the Controller. 

14. In the case referred to in Clause 13, the Controller and cooperation partners (as the processor of personal data) shall ensure compliance with the requirements of personal data processing and protection in accordance with the Controller’s requirements and regulatory enactments, and shall not use personal data for purposes other than those specified in the data processing agreement signed between the Controller and the processor, as well as other tasks assigned by the Controller.

15. The Controller shall implement measures to ensure that any natural person acting under the authority of the Controller and having access to personal data, only processes them for the performance of his or her duties.

 

VII. Duration of the storage of personal data

16. The Controller stores and processes the Customer’s personal data for as long as at least one of the following criteria exists:

16.1.as long as the agreement signed with the Customer is valid;

16.2.the data are required for the purpose, for which they were collected;

16.3.until the Customer’s application is fully reviewed and/or executed;

16.4.while the Controller or the Customer is able to implement their legitimate interests (for example, submit objections or bring an action in court) in accordance with the procedures specified in external regulatory enactments;

16.5.there is a legal obligation for the Controller to store the data;

16.6.while the Customer’s consent to the processing of their data is still valid, unless there are other legal grounds for the processing of the data. 

17. After the circumstances referred to in Clause 16 cease to exist, the Customer’s personal data shall be deleted. Audit records are kept for at least one year from the date of their performance.

18. The Controller does not store personal data submitted by the applicant after the end of the recruitment, unless the parties agree otherwise and the applicant has agreed to the relevant processing of personal data after the end of the recruitment process.

 

VIII.Categories of personal data recipients

19. The Controller will not disclose any personal data of its Customers or any information obtained during the provision of services and during the term of the agreement to third parties, including information about the services received, except:

19.1.subject to the clear and unambiguous consent of the Customer;

19.2.to the persons provided for in the external regulatory enactments upon their justified request, in accordance with the procedures and to the extent as specified in the external regulatory enactments;

19.3.in the cases provided for by the external regulatory enactments, for the protection of the Controller’s legal interests, for example, when filing claims to courts or other state institutions against the person who has violated the Controller’s legal interests.

 

IX. Transfer of personal data

20. The Controller does not transfer personal data to third parties, except to the extent necessary for the reasonable conduct of business, ensuring that the relevant third parties observe the confidentiality of the personal data and ensure appropriate protection.

21. The Controller has the right to transfer Personal Data to the Controller’s suppliers, subcontractors, strategic partners and others, who assist the Controller in its business activities in order to implement the relevant cooperation. However, in such cases the Controller will request confirmation from these recipients to only use the received information for the purposes for which these data have been provided, and in accordance with the requirements of the applicable regulatory enactments.

 

X. Access to personal data by third-country entities

22. If it is necessary to perform data processing or storage outside the territory of the EU or the EEA, it shall be performed in compliance with the provisions of Clause 21 of this document.

The transfer, processing or storage of data outside the territory of the EU or the EEA is only permitted with the prior written consent of the Controller, provided that one of the following conditions is met:

23.1.the data are transferred for processing (including for storage) to a country that has been recognised by the European Commission as having a sufficient level of data protection;

23.2.the data are transferred for processing or storage under the conditions set out in the Regulation for transfers outside the EU or the EEA.

 

XI. Access to personal data and other rights of the Customer

24. The Customer may receive the information pertaining to the processing of the Customer’s personal data specified in the regulatory enactments.

25. In accordance with regulatory enactments, the Customer also has the right to request access from the Controller to his/her personal data, as well as to request the Controller to supplement, correct or delete or restrict processing in relation to the Customer, or the right to object to processing (including against the processing of personal data implemented for the legitimate interests of the Controller), as well as the right to data portability. This right is exercised insofar as the processing of data does not result from the obligations of the Controller imposed by the applicable regulatory enactments and which are performed in the public interest.

26. The Customer may submit a request for the exercise of his/her rights in the following way:

26.1.in written form at the Company’s office in Mārupe (address: “Jaunbrīdagi 1”, Mārupe, Mārupe District, LV-2167) or using the postal service; 

26.2.by e-mail, by signing the document with a secure electronic signature and by sending it to the e-mail address: info@uavfactory.com

27. Upon the receipt of the Customer’s request for the exercise of its rights, the Controller verifies the identity of the Customer, evaluates the request and executes it in accordance with the regulatory enactments.

28. The Controller sends a response to the Customer by post to the contact address provided by him/her in a registered letter or to an e-mail with a secure electronic signature (if the application is submitted with a secure electronic signature), taking into account the place for receiving the response as provided by the Customer.

29. The Controller ensures the fulfilment of data processing and protection requirements in accordance with the regulatory enactments, and in the case of the Customer’s objections, performs useful actions to resolve the objection. However, if this fails, the Customer has the right to apply to the Data State Inspectorate. 

30. The Controller undertakes to ensure the accuracy of the personal data and relies on its customers, suppliers and other third parties, who transfer the personal data to ensure the completeness and accuracy of the transferred personal data.

 

XII. Customer’s consent to personal data processing, and the right to revoke it

31. The Customer consents to the processing of personal data, the legal basis of which is consent (for example, to receive commercial communications, analysis of personal data) in writing in person at the Controller’s office, on the Controller’s website and mobile applications or another place, where marketing activities are organised.

32. The Customer has the right to revoke the consent provided for data processing at any time in the same way as it has been provided and/or in accordance with the procedure specified in Clause 30. In such case, further processing based on the prior consent for the specific purpose no longer takes place.

33. Revocation of consent does not affect the data processing that was carried out, when the Customer’s approval was still in effect.

34. Revocation of consent does not interrupt any data processing carried out on other legal grounds.

 

XIII. Commercial information

35. The Controller shall communicate commercial information about the services of the Controller and/or third parties and other communication not related to the direct provision of the agreed services (e.g., customer surveys) in accordance with external regulatory enactments or in accordance with the Customer’s consent.

36. The Customer consents to the receipt of commercial communications by the Controller and/or its cooperation partners in writing in person at the Controller’s office, on the Controller’s website or at another place, where the Controller organises the marketing activities.

37. The Customer’s consent to receive promotional messages shall be valid until revoked (also after termination of the service agreement). The Customer may revoke their consent to receiving any further promotional messages at any time in any of the following ways:

37.1.by sending an email to: info@uavfactory.com;

37.2.by submitting a written application at the Controller’s office;

37.3.using the automated option provided in the commercial communication to unsubscribe from receiving further notifications by clicking on the link for unsubscribing at the end of the relevant commercial communication (e-mail).

38. The Controller ceases the sending of commercial statements, as soon as the Customer’s request is processed. The processing of the request depends on technological capabilities, which can last for up to 3 days.

39. By expressing their opinion in surveys and providing their contact information (e-mail, telephone), the Customer agrees that the Controller may contact them using the provided contact information regarding the assessment provided by the Customer.

 

XIV. Photo and video capturing

40. Customers (seminar and event attendees) are informed that in some cases, when the Controller’s work is covered in mass media or in the Controller's media (Controller’s website, Facebook, Twitter, Linkedin accounts), photos and videos of the Controller's event visitors may be processed and the legal basis for the processing of such data is the protection of legitimate interests, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh such interests, and in particular, if the data subject is a child.

41. Prior to the relevant event, the Controller shall inform the participants of the event about the planned processing of personal data in accordance with the requirements of Article 13 of the Regulation, including information on the processing of personal data in invitations and before entering the venue.

 

XV. Website visits and handling of cookies

42. Cookies may be used on the Controller’s website:

42.1.Cookies are files that websites store on the computers of the users to recognise the users and make it easier for them to use the site. Internet browsers may be configured to alert the visitor about the use of the cookies and to choose whether the visitor agrees to accept them. Not accepting the cookies will not prevent the Customer from using the website, but it may restrict the Customer’s ability to use the website;

42.2.The Controller’s website may contain links to third-party websites, which have their own terms of use and personal data protection regulations, which the Controller is not responsible for. 

 

XVI. Other provisions

43. The Controller has the right to make changes and additions to the Privacy Policy, as well as to make it available to the Customer, and to publish it on the Controller’s website.

44. The Controller keeps previous versions of the Privacy Policy and they are available on the website.

 

______

UAVFACTORY LTD (c) 2020