Privacy Policy

Privacy Policy

for D8 Corporation Ltd. (SIA)

The purpose of this Privacy Policy is to provide the natural person with information on the purpose, scope, protection, deadline of processing and rights of the data subject during the collection of personal data, as well as during the processing of personal data.

Personal Data Controller

The personal data controller is SIA “D8 Corporation” (hereinafter D8 Corporation), registration No 40103282007, Riga, Bieķensalas Street 21, LV-1004, Latvia, phone number: +371 67473940, e-mail: info@d8corp.com.

D8 Corporation contact information regarding personal data processing is available at: info@d8corp.com. When using this contact information or contacting the registered office of D8 Corporation, questions about the processing of personal data may be raised.

General Terms and Conditions

  1. This Privacy Policy describes in general terms how D8 Corporation processes and protects your personal data. More detailed information on the processing and protection of personal data is described in the contracts and internal regulations.

  2. D8 Corporation ensures the confidentiality of personal data within the scope of applicable laws and regulations and has implemented appropriate technical and organizational measures to protect personal data from unauthorized access, unlawful processing or disclosure, accidental loss, alteration or destruction.

  3. D8 Corporation may use data processors to process personal data. In such cases, D8 Corporation takes the necessary steps to ensure that such processors process personal data in accordance with D8 Corporation’s instructions and applicable laws and regulations, and requires appropriate security measures to be taken.

  4. D8 Corporation website may use cookies. Cookies are files that websites place on computers of the users in order to identify the user and make it easier for the user to use the website. Internet browsers can be configured to alert the visitor about the use of cookies and to allow the visitor to agree to accept them or not. Failure to accept cookies will not prevent the visitor from using the D8 Corporation website, but it may limit the visitor’s possibilities for the use of the website. D8 Corporation website may contain links to third party websites that have their own terms and conditions of use and protection of personal data, for which D8 Corporation is not responsible.

  5. With regard to specific types of data processing (for example, cookie processing, etc.), environment and purposes, additional specific rules may be laid down, of which the data subject is informed when he/she provides the relevant data to D8 Corporation.

Categories of Personal Data

  1. Personal data is collected both from the data subject and, if necessary, from external sources, such as the databases and registers held by D8 Corporation. The categories of personal data that D8 Corporation collects and processes primarily, but not exclusively, are as follows:

    1. Identification data – name, surname, personal identification code, date of birth;

    2. Contact information – address, telephone number, e-mail address;

    3. Professional data – education, function, place of work;

    4. Data obtained and/or created whilst performing duties laid down in laws and regulations.

Purpose and Legal Grounds for Processing Personal Data

  1. D8 Corporation processes data:

    1. to establish and maintain contractual relationship (including within the framework of employment relationship);

    2. to ensure the circulation of documents within the company;

    3. to identify D8 Corporation customers, including communicating news to customers, conducting customer satisfaction surveys, etc.;

    4. for maintenance and performance improvement of D8 Corporation website;

    5. to protect the interests of D8 Corporation customers and/or D8 Corporation;

    6. to fulfil legal obligations incumbent on D8 Corporation;

    7. for business planning and analytics – statistics and business analysis, planning and accounting, data quality assurance, risk management;

    8. to ensure the security of information, information systems and enterprise;

    9. for other specific purposes of which the data subject is informed when he/she provides the relevant data.

  2. Legal grounds for processing personal data:

    1. for conclusion and performance of the contract – to enter into a contract with the data subject and ensure its performance;

    2. for the fulfilment of laws and regulations – to fulfil an obligation provided for under laws and regulations that are binding to D8 Corporation;

    3. in accordance with the consent of the data subject;

    4. in the lawful (legitimate) interests – to pursue the legitimate interests of D8 Corporation arising from the obligations or the contract concluded between D8 Corporation and the data subject or according to the law;

    5. protection of the vital interests of the data subject or of third parties.

  3. D8 Corporation’s legitimate interests include, but are not limited to:

    1. carrying out commercial activities;

    2. verifying the identity of the data subject before entering into a contract;

    3. ensuring the fulfilment of contractual obligations;

    4. preserving the applications and submissions of data subjects;

    5. protecting the legitimate interests of D8 Corporation in court, other state institutions, as well as by receiving legal assistance;

    6. advertising its goods and services;

    7. implementing social corporate responsibility and public investment policy;

    8. promoting the corporate culture of D8 Corporation;

    9. offering high quality and verified information technology products and solutions;

    10. preventing unreasonable financial risks related to its business;

    11. maintaining D8 Corporation website, functioning of Internet sites, developing and implement improvements;

    12. designing and developing goods and services;

    13. providing corporate governance, finance, business accounts and analytics;

    14. ensuring effective D8 Corporation governance processes.

  1. D8 Corporation protects personal data through the use of modern technology, taking into account existing privacy risks and D8 Corporation’s reasonably available organizational, financial and technical resources, including the following security measures and security solutions:

    1. data encryption when transmitting data (SSL encryption);

    2. firewall;

    3. intrusion protection and detection programs;

    4. other protection measures according to the current technical development possibilities.

  1. In the cases of categories of personal data recipients, where the data must be transferred to the relevant third party:

    1. within the framework of the concluded contract in order to perform any function necessary for the performance of the contract or delegated by law;

    2. in accordance with the clear and explicit consent of the data subject;

    3. to the persons provided for in the external laws and regulations upon their justified request according to the procedures and to the extent set out in these laws and regulations;

    4. in cases specified in the external laws and regulations and for the protection of the legitimate interests of D8 Corporation, for example, by addressing to a court or other state institutions against a person who has infringed these legitimate interests.

Geographical Area of Personal Data Processing

  1. Personal data is primarily processed in the European Union, but due to the specific nature of D8 Corporation’s activities, in certain cases, D8 Corporation transfers an information containing personal data to relevant third country subjects, after informing the data subject about possible risks related to the transfer of personal data and obtaining the data subject’s consent;

  2. In the cases mentioned above, D8 Corporation shall ensure the level of personal data processing and protection of statutory procedures equivalent to that laid down in Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Storage Period

  1. Personal data is processed for as long as necessary for the purpose of processing personal data. The storage period is based on the contract concluded with the data subject, the legitimate interests of D8 Corporation, applicable laws and regulations or as long as the D8 Corporation’s consent to the relevant processing of personal data is in force, unless another legal grounds for the processing of personal data exist. The personal data shall be deleted when the circumstances set out in this Privacy Policy cease to exist.

  2. D8 Corporation stores personal data as long as at least one of the following criteria is met:

    1. as long as D8 Corporation or the data subject may exercise his/her legitimate interests according to the procedures set out in the external laws and regulations;

    2. as long as a legal obligation to store the data exists for one of the parties;

    3. as long as the data subject’s consent to the relevant processing of personal data is in force, unless another legal basis for the processing of data exists.

    4. the data is necessary for the purpose for which it was received;

  3. The personal data of the data subject shall be deleted or destroyed when the circumstances set out in this paragraph cease to exist. Audit records are stored for at least one year from the date of their performance according to the provisions set out in the laws and regulations.

Rights of the Data Subject

  1. The right to receive statutory information about the processing of one’s personal data by D8 Corporation.

  2. The right to require D8 Corporation to access, supplement, correct, delete one’s personal data or to restrict the processing of one’s personal data, the right to object to the processing of personal data, including the processing of personal data by D8 Corporation on the grounds of D8 Corporation’s lawful (legitimate) interests, as well as the right to transfer one’s personal data and to withdraw one’s consent to the processing of personal data in accordance with the laws and regulations.

  3. The right to submit a complaint regarding the processing of personal data to the Data State Inspectorate of Latvia (www.dvi.gov.lv), if the person considers that the processing of personal data violates his/her rights and interests under the laws and regulations.

  4. D8 Corporation reserves the right to make changes or additions to this Privacy Policy by publishing the current version of the Privacy Policy in the “Privacy Policy” section of the D8 Corporation website.