Privacy Policy

1. Terms used in the Privacy Policy

1.1. Proof IT – Limited liability company "Proof IT", Reg. No. 40003689924, address: Baznīcas iela 19/23, Rīga, LV-1010, and Proof IT Lithuania UAB, a company registered in the Republic of Lithuania, Reg. No. 305209149, address: Lvovo g. 25-701, LT-09307 Vilnius.

1.2. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1.3. Personal data – any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as the person’s name, surname, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.4. Personal data processing – any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.5. Controller – a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal data.

1.6. Processor – a natural or legal person, public institution, agency or any other structure which processes Personal data on behalf of the Controller.

1.7. Client – a natural or legal person which in person or remotely is receiving Proof IT provided services, as well as any visitor of the website www.proofit.lv.

1.8. Cooperation partner – a natural or legal person which provides services to Proof IT and does not process Personal data in the possession of Proof IT and on behalf of Proof IT.

1.9. Data subject – a directly or indirectly identified or identifiable natural person, including all Proof IT Clients, Cooperation partners and their indicated contact persons, guarantors or trustees.

2. General provisions

2.1. This privacy policy (henceforth – Privacy Policy) sets out the internal rules of the Proof IT group, namely, Limited liability company "Proof IT", Reg. No. 40003689924, address: Baznīcas iela 19/23, Rīga, LV-1010, and Proof IT Lithuania UAB, a company registered in the Republic of Lithuania, Reg. No. 305209149, address: Lvovo g. 25-701, LT-09307 Vilnius (hereinafter – Proof IT), which are designed to provide information on Proof IT Personal data processing purposes, legal basis, scope, protection, processing and storage periods, Personal data recipients, and Data subject’s rights during data acquisition and processing.

2.2. Privacy Policy is applied to the protection of privacy and Personal data regarding:

2.2.1. natural persons, namely, Proof IT Clients and Cooperation partners, as well as third parties, who, in the context of information provided by Data subjects during the provision of Proof IT services or cooperation have been identified as contact persons or trustees;

2.2.2. legal persons, if their name consists of a natural person’s Personal data or if the information provided by the legal person makes it possible to directly or indirectly identify a natural person.

2.3. Privacy policy applies to Personal data processing, regardless of the form and/or context in which the Data subject provides Personal data (in writing, orally, by telephone, through a website, in paper or by email, etc.), and in which Proof IT systems or forms they are processed.

3. Information about the Controller

3.1. The Controller is Proof IT: Limited liability company "Proof IT", Reg. No. 40003689924, address: Baznīcas iela 19/23, Rīga, LV-1010, Latvia, telephone no.: +371 26545868, e-mail: proofit@proofit.lv

3.2. For questions related to the Proof IT processing of Personal data, contact the Proof IT designated person for the processing of Personal data or send a message to the electronic mail address: uldis.smilts@proofit.lv. By using this contact information, the Data subject may request information about the processing of their Personal data in accordance with article 12.2. of this Privacy policy.

4. Legal basis for Personal data processing

4.1. Proof IT processes Personal data on the basis of the following legal grounds contained in Article 6 of GDPR:

4.1.1. the conclusion and performance of a contract, in order for Proof IT to be able to provide requested services to its Clients, when selling its services, to draw up and conclude a contract, including service provision or sales contract with Clients, contract with Cooperation partners for received services, and to ensure proper performance of the contractual obligations or their modification after the conclusion of the contract, as well as an appropriate termination of the contractual obligations;

4.1.2. to fulfil legal obligations set out in external laws, in order for Proof IT to fulfil its legal obligations to itself, the Data subject, state and local governmental institutions, as well as third parties, for example, to prepare appropriate invoices for the provision of services, develop necessary documentation for the provision of services, in accordance with the binding and effective regulatory acts of the EU and the Republic of Latvia;

4.1.3. for the implementation of Proof IT Investments legitimate interests, to realize the legitimate interests of Proof IT arising from obligations existing between Proof IT and the Data subject, a contract or law, including:

4.1.3.1. to ensure and improve the quality of services requested by the Client;

4.1.3.2. to ensure effective financial and business record keeping and analytics, as well as effective Proof IT management processes;

4.1.3.3. to prevent unreasonable physical and IT security risks, as well as to implement preventive measures;

4.1.3.4. to ensure the protection of Proof IT property;

4.1.3.5. to prevent unjustified financial risks;

4.1.3.6. to prevent fraud and theft;

4.1.3.7. to ensure the fulfillment of the concluded contract;

4.1.3.8. to turn to the public administration, operational and judicial authorities in order to protect Proof IT legal interests.

4.2. When implementing Proof IT legitimate interests, Proof IT interests in relation to the Data subject's rights shall be assessed prior to the processing of Personal data so that the legitimate commercial interests of Proof IT do not conflict with the Data subject's interests and freedoms. The Data subject shall be entitled at any time to request the suspension of such data processing in accordance with Section 12.1. of the Privacy policy.

5. Purposes of Personal data processing and categories of Personal Data

5.1. The following Data subject's Personal data and other information provided by the Data subject may be stored and processed by Proof IT, which may be considered as Personal data in cases where it is possible to directly or indirectly identify the Data subject and are used for the following purposes:

5.1.1. for providing software solutions and other IT solutions to Clients, or the purposes of preparing and concluding a contract with the Client and for performance and modification of the contractual obligations after the conclusion of the contract, a solution for the development of architecture, prototype and system, system integration, for the purposes of providing services, preparing and sending out invoices, as well as for communication purposes with the Data subject before and during the provision of services:

5.1.1.1. name and surname of the Client;

5.1.1.2. The position and place of employment of the Client;

5.1.1.3. personal identification number of the Client;

5.1.1.4. phone number of the Client;

5.1.1.5. electronic mail address of the Client;

5.1.1.6. written signature of the Client;

5.1.1.7. electronic signature of the Client;

5.1.1.8. Personal data found on the Client’s service provision platform;

5.1.1.9. Name and surname of the trustee of a Client which is a legal person;

5.1.1.10. Position of the trustee of a Client which is a legal person;

5.1.1.11. Phone number of the trustee of a Client which is a legal person;

5.1.1.12. Electronic mail address of the trustee of a Client which is a legal person;

5.1.1.13. Bank account number of the trustee of a Client which is a legal person;

5.1.1.14. Written signature of the trustee of a Client which is a legal person;

5.1.1.15. Personal data located on or related to the Client’s product or service;

5.1.2. For the security and protection of Proof IT workplace and property, by using video surveillance, access with employee access cards, as well as protecting premises with an alarm system in order to address potential physical and IT security risks, financial risks, theft and fraud, and to turn to public administrations, operational activities and judicial authorities for protecting Proof IT legal interests where needed:

5.1.2.1. Picture of the Data subject or any natural person visiting the commercial premises and office of Proof IT.

5.2. For maintaining, receiving, distributing and providing the quality of services offered by Proof IT to customers through the Cooperation Partners, including the conclusion, execution, modification of the service, cooperation or business agreement after the conclusion of the contract, the provision of contacts with the Cooperation partner or the person authorised by it during the commencement and execution of the cooperation:

5.2.1.1. Name and surname of the Cooperation partner;

5.2.1.2. personal identification number of the Cooperation partner;

5.2.1.3. Phone number of the Cooperation partner;

5.2.1.4. Electronic mail address of the Cooperation partner;

6. The source for acquisition of Personal data

6.1. Data subject’s Personal data which are processed by Proof IT have been obtained from the following sources, in accordance with the respective legal basis for processing Personal data as provided in Section 4 of the Privacy policy:

6.1.1. Personal data which are submitted by the Data subject in person or remotely, namely, by using electronic mail, phone or any other remote communication channel;

6.1.2. public registers, databases and publicly available information systems, for instance, public databases of the Register of Enterprises of the Republic of Latvia and Lursoft database;

6.1.3. video footage from the surveillance cameras in Proof IT office and commercial premises;

6.1.4. Personal data submitted by the Cooperation partner, its representatives, trustees or persons who are delegated to perform the service;

6.1.5. information provided by a third party, if receiving of such information has been established by effective regulatory acts.

7. Personal data processing at Proof IT

7.1. Personal data shall be processed in good faith, lawfully and in a transparent manner for the Data subject, using the organizational, financial and technical resources reasonably available to Proof IT.

7.2. Personal data are obtained for specific, explicit and legitimate purposes and their further processing is not for unintended purposes or in a manner incompatible with provided purposes.

7.3. Personal data shall be stored in such a way that one may identify the Data subject for no longer than is necessary for the purposes for which the data were collected or processed. Storage periods of Proof IT Personal data are set forth in Section 11 of the Privacy Policy.

7.4. Personal data is acquired by adhering to the principle of minimization of data processing, which means that the data is adequate, relevant and contains only that which is necessary for the purposes of processing.

7.5. Proof IT ensures the accuracy of Personal data and, if necessary, Personal data is updated according to current information or deleted.

7.6. Personal data is processed in such a way as to ensure adequate security of Personal data, i.e., protection against unauthorized or unlawful processing, accidental loss, destruction or accidental damage.

7.7. To ensure the fulfillment of obligations with respect to the Data subject, Proof IT is entitled to attract and authorize outsourced service providers to perform separate activities on behalf of Proof IT. If, in the course of these tasks, Proof IT partners process the Data subject's data at the disposal of Proof IT, the relevant partners or service providers shall be considered as Processors of Personal data at the disposal of Proof IT, and Proof IT shall have the right to transfer the Personal data of the Data subject to the Processors to the extent necessary for the performance of delegated activities.

7.7.1. In cases where Proof IT authorizes the Processors to perform a specific task, both Proof IT and the Processors shall ensure the protection of the processing of Personal data in accordance with the GDPR, and shall not use the Personal data for any other purpose than the fulfillment of contractual obligations in respect to the Data subject on behalf of Proof IT.

8. Processors of Personal data at the disposal of Proof IT

8.1. SIA „LVB Accounting”, Reg. No. 40203063439, address: Cālīšpurva iela 27, k3-12c, Baloži, Ķekavas novads, LV-2128, which provides accounting services;

8.2. UAB „BNM Finance“, Republic of Lithuania Reg. No. 302427776, address: Perkūnkiemio iela 7, Vilnius, Lithuania, providing accounting services;

8.3. SIA ES Audits, Reg. No. 48503017501, address: Striķu iela 15-1A, Saldus, LV-3801, providing financial audit services;

8.4. Information on the Personal Data of the Data Subject and the sub-processors of the Processors held by the Processors shall be provided by Proof IT upon receipt of the Data Subject's request in accordance with Section 12.2 of the Privacy Policy.

9. Protection of Personal data

9.1. Proof IT protects Data subject’s Personal data with the use of modern technology, taking into account the existing privacy risks and organizational, financial and technical resources reasonably available to Proof IT, including by the use of the following security measures:

9.1.1. Proof IT uses an SSL-security certificate in operation of the www.proofit.lv Website, providing encrypted data transmission between the Data subject and the server on which the Proof IT internal IT systems and the Data subject's data received through the Website are stored;

9.1.2. grants rights of access to the internal IT systems and databases of Proof IT only to a limited number of persons employed by Proof IT;

9.1.3. provides access to the Proof IT workrooms only to employees employed by Proof IT;

9.1.4. uses firewalls and antivirus programs;

9.1.5. carries out regular and appropriate security checks against the occurrence of intentional attacks on information systems, databases, e-mails and servers maintained by Proof IT, and checks whether any leakage of data has occurred;

9.1.6. ensures that persons who work with Personal data in the possession of Proof IT are properly trained, as well as have received appropriate and clear instructions regarding the processing of Personal data, including security instructions included in the Privacy Policy;

9.1.7. ensures that no unauthorized or unlawful deletion, damage, loss, correction, processing, public disclosure or disclosure to third parties of Personal data is permitted;

9.1.8. ensures that all paper format documents and confidential information are stored in a restricted availability location, namely, in the office of the board members of Proof IT and in a lockable warehouse and in lockable cabinets therein, as well as on the shelves in the warehouse which are accessible only to the employees employed by Proof IT or persons delegated to carry out specific work duties.

10. Transfer of Personal data to third parties

10.1. In some instances, to ensure provision of services to the Data subject, Proof IT may transfer Personal data in its possession to the group’s company, namely, Proof IT Lithuania UAB, a company registered in the Republic of Lithuania, Reg. No. 305209149, address: Lvovo g. 25-701, LT-09307 Vilnius, where for the fulfillment of specific tasks, Proof IT Lithuania UAB may act as a Controller or a Joint Controller.

10.2. Personal data held by Proof IT is not transferred to third parties, except in the case mentioned in Article 10.1., as well as when:

10.2.1. the data transfer to the third party concerned is required within the framework of a contract to perform a contractual obligation or legal obligation delegated by law;

10.2.2. the Data subject has given explicit, unambiguous consent to the transfer of its Personal data;

10.2.3. Proof IT is obliged to disclose Personal data to persons specified in regulatory enactments at their reasoned request, in accordance with the procedures and in the amount prescribed by regulatory enactments;

10.2.4. for the protection of Proof IT legitimate interests, for example, by applying to a court or other state institutions against a person who has infringed the Proof IT legitimate interests.

10.3. When transferring Personal data to third parties, Proof IT shall assess the security level of protection and processing of Personal data by the third party, to ensure the highest possible protection of the Data subject’s information.

11. Personal data storage periods

11.1. Proof IT processes Personal data at its disposal for as long as the following conditions are met:

11.1.1. During the execution of Proof IT provided services;

11.1.2. while the contractual relationship with the Data subject is in effect;

11.1.3. for as long as Personal data is required for the purpose for which they were received;

11.1.4. or as long as necessary to ensure the fulfilment of legitimate interests of Proof IT or the Data subject, such as the ability of Proof IT or the Data subject to file an objection or to bring an action in court, as a defendant – to defend their rights;

11.1.5. while one of the parties has a legal obligation to store the data, for example in accordance with the Labour Law, Civil Law or the law “On Accounting”.

11.2. When none of the conditions mentioned in Section 11.1. is applicable any longer, Personal data is erased.

11.3. Paper-based documents are stored in a restricted access location, namely, in a lockable warehouse and key-protected cabinets located within, as well as in the storage shelves located in the warehouse, in accordance with the storage periods set out in regulatory enactments, but not longer than 10 years, as well as to ensure the legitimate interests of Proof IT, such as performance of contractual obligations, debt collection, or in case of potential litigation.

12. Rights of the Data subject to access their Personal data

12.1. The Data subject has the right to be informed about what Personal data is at Proof IT disposal in relation to the processing of Data subject’s Personal data, and to request access to, correction, replenishment or deletion of their Personal data, to limit the processing, and to object to the processing of Personal data based on the legitimate interests of Proof IT, as well as to exercise the right to data portability, to the extent that Proof IT is able to provide it technically.

12.2. The Data subject may submit a request for the exercise of his rights to the Proof IT contact person responsible for Personal data protection matters at the e-mail address: Uldis.Smilts@proofit.lv.

12.3. Upon the receipt of the Data subject's request, Proof IT verifies the identity of the Data subject, evaluates the request and executes it in accordance with regulatory enactments.

12.4. Proof IT shall send a reply to the Data subject's e-mail address within 30 days of receipt of the Data Subject's request by the person responsible for the processing of Personal data, or through postal services by signed-for mail. If there is a need to clarify the information or carry out a more detailed investigation before answering, the response may take longer than 30 days, depending on the content of the request, but not more than 60 days.

12.5. In cases where Personal data is processed on the basis of regulatory acts, on a contractual basis, or in order to implement the legitimate interests of Proof IT, a request for deletion of Personal data may not be implemented, which shall be communicated to the Data subject within 30 days after Proof IT responsible person for processing Personal data has received a request to delete the respective data. The answer is provided with a clear, unequivocal justification for why it is not possible to carry out the deletion of Personal data. Conversely, upon receipt of a reasonable request for the deletion of Personal data, an appropriate deletion of Personal data within 30 days of receipt of the Data subject's request shall be ensured.

12.6. Disputes related to the processing of Personal data shall be resolved through negotiations between the Data subject and Proof IT. If the Data subject considers that the processing of Personal data violates the person's rights and interests in accordance with the applicable laws and regulations, the Data subject has the right to file a complaint to Proof IT responsible person for processing Personal data by submitting a filled-in complaint form, or straight to the Data State Inspectorate of the Republic of Latvia, address: Blaumaņa Street 11/13-11, Riga, LV-1011, Latvia, e-mail address: info@dvi.gov.lv.

13. Other provisions

13.1. Proof IT constantly develops and improves its operations, rules on internal order and security, thus, the Privacy Policy may be changed or supplemented at any time.

13.2. The current version of the Privacy Policy is available to any Data subject electronically at www.proofit.lv. Additionally, the current version of the Privacy Policy, as well as the previous versions, are available by request from Proof IT’s responsible person for processing Personal data.