Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (elsewhere in the text referred to as the Regulation), please be informed about the processing of personal data when concluding an agreement on the interest free purchase in arrears of products (elsewhere in the text referred to as the Principles).

Controller

Public Limited Company Latvenergo, registration number: 40003032949, registered office: Pulkveža Brieža iela 12, Riga, LV-1230 (hereinafter also referred to as - Latvenergo AS, Controller or We)

Contact details of the Controller

Registered office: Pulkveža Brieža iela, Riga, LV-1230;

E-mail: info@latvenergo.lv

Contact details of the Data Protection Officer

Address: Pulkveža Brieža iela, Riga, LV-1230;

E-mail: fpda@latvenergo.lv

Purpose of processing of the data

Conclusion and fulfilment of agreement on the interest free purchase in arrears of products, control of its fulfilment.

Personal data that we process

By expressing a wish to enter into an agreement on the interest free purchase in arrears of products (elsewhere in the text – agreement), we will process your name, surname, personal code, address, information about the desired payment period, information about the payments made during the performance of liabilities under the agreement, the product you want to buy, the information about the delivery address, your phone number and e-mail address, photos and documents of the object submitted by you to evaluate the possibility of installing the product. Also, before concluding the agreement, we will check in the internal systems whether you have historically had outstanding liabilities towards the Controller, which could be an obstacle to concluding a new agreement (taking on additional liabilities). In order to manage our credit risk and evaluate your creditworthiness, we will request and obtain information from Kredītinformācijas birojs AS and CREFO birojs AS about your former and existing liabilities and the discipline of their fulfilment (date of origination of liabilities, initial amount of liabilities, remaining amount of liabilities, liabilities type), and in order to evaluate your ability to fulfil your liabilities, we will invite you to submit a statement issued by the State Revenue Service on the income of a natural person (borrower) if the amount of the post payment exceeds EUR 30,000 and/or your personal identity number does not contain any birth data. The statement may contain the following data: place of issuance of the statement, date and number, name of the taxpayer, registration number, address, gross income (EUR) and income generation period.

You will be subject to automated decision-making, including profiling, based on your credit rating created by us. Credit rating is a points system we have developed that is applied to all customers and is used to infer and predict the customer’s future ability to make payments. The credit rating may be downgraded if there is a possibility that the customer may have difficulty making further payments, such as having a debt. The downgraded credit rating is upgraded under certain conditions, such as if the debt has been paid and no new debt is incurred in the coming months. The potential consequences of a downgraded credit rating could be, for example, a ban or restriction on purchasing any of our goods or services.

In separate cases based on the duty imposed by the principle “know your customer” included in the Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing we could request additional information. In case we ask you for additional information, but you do not provide it, then it may be an obstacle to concluding an agreement on the interest free purchase in arrears of products, or to be a reason to terminate the agreement, if it has already been concluded.

The legal (juridical) grounds for processing

The legal basis for the processing of personal data necessary for the performance of a measure prior to the conclusion of an agreement in order to prepare an offer for you, the conclusion and performance of an agreement is Article 6(1)(b) of the Regulation.

The processing of personal data will take place on the basis of Article 6(1)(f) of the Regulation, in order to use the information received from the credit information bureaus and you, including the information indicated in the statement on the borrower's income issued by the State Revenue Service, on the creditworthiness of the customer or potential customer, that is, you, for the evaluation of you and management of our credit risk, in compliance with the provisions of the Law on Credit Bureaus. In order to evaluate the validity of the claims, the Controller may use your personal data, processed in the Controller's systems and received from you when you write us submissions, requests or call us, on the basis of legitimate interest. The Controller can use the contact information to contact you and inform about current news related to the concluded agreement, for example, inform about the need to make a payment.

When administering the performance of the agreement, the Controller will keep accounting records reflecting the service received and the billing information in accordance with Article 6(1)(c) of the Regulation and the Accounting Law.

With regard to the credit rating system developed by the Controller, Article 6(1)(b) of the Regulation and Article 22(2)(a) of the Regulation shall apply, namely, to ensure that you are provided in a timely manner with any information about delayed fulfilment of liabilities arising from the already concluded agreements, as well as to fully assess the possibility of concluding other agreements.

When fulfilling the obligation to implement the “know your customer” principle specified in the Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing, our actions will be based on Article 6(1)(f) of the Regulation.

To whom we transfer and from whom we receive your personal data

Your personal data will be processed by Controller’s authorised staff, in accordance with the scope specified in their job duties, observing the requirements specified in personal data protection and other regulatory enactments, as well as the requirements for the processing of personal data specified in Controller’s internal regulatory enactments.

We may transfer your personal data to and receive them from the following partners and institutions:

• the Controller’s external service providers (processors), who may be authorised to perform certain data processing activities on behalf and under the supervision of the Controller, such as service providers who provide installation, warranty service or remote management of the product, providers of the debt recovery service, if you have debt obligations;
• under certain circumstances (for example, if a complaint is received about the relevant service), the data may be transferred to law enforcement or supervisory authorities, the court, as well as to the Controllers' processors - legal service providers;
• Credit Information Bureaus;
• postal and logistics service providers;
• banks and other settlement and financial service providers;
• service providers who ensure the exchange of information between the Controller and financial service providers;
• the Office of Citizenship and Migration Affairs, the Land Register, comparing the information provided by you with the information in public registers, if applicable;
• state institutions, which must provide the information specified in regulatory enactments;
• audit and audit service providers.

It is not planned to transfer the personal data to recipients located outside of the countries of the European Union or European Economic Area.

How long we keep data for

All information reflected in the agreement and reflecting the fulfilment of the obligations under the agreement shall be kept for at least ten years after the termination of the agreement. The Controller, if it considers that the information reflecting the fulfilment of the obligations under the contract is not relevant, reserves the right to erase certain information earlier. If your order is approved, the information received from third parties, including the statement issued by the State Revenue Service on the income of the natural person (borrower), which was obtained in order to manage our credit risk and evaluate your creditworthiness before concluding an agreement on the interest free purchase in arrears of products, will be stored for three months. If your order is rejected, the information will be stored for one month from the day the order was rejected.

The information confirming the fulfilment of the obligation specified in the Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing will be kept for at least five years.

If a complaint is received or the Controller’s legal interest is breached, for example, there is a dispute about the amount of services received, the relevant information may be retained until the issue is resolved, for example, until the final court decision enters into force.

Rights of the data subject (you)

Right of access. You have the right of access to your personal data and to receive information from Latvenergo AS about the processing of your personal data. Using the Controller's contact information, you may request information about the processing of your personal data if the information provided in these Principles does not seem sufficiently exhaustive to you.

Right to rectification. If you notice any inaccuracy in your personal data, you have the right to ask Latvenergo AS to rectify incorrect personal data by sending a relevant request using the contact details specified by Latvenergo AS.

Right to erasure. You have the right to ask Latvenergo AS to delete your personal data, but we draw your attention to the fact that your request may be fulfilled if:

• personal data are no longer necessary in connection with the purposes specified in the Principles for which they were processed;
• personal data is unlawfully processed;
• You have objected to processing and the legitimate grounds for the processing of Latvenergo AS are not more important than your legitimate reasons;
• personal data must be deleted in accordance with the requirements of regulatory enactments.

Please note that the right to erasure does not apply in cases where, in accordance with the laws and regulations, Latvenergo AS is obliged to process personal data or the processing is necessary for archiving, public interest or statistical purposes, as well as due to bringing, implementing or defending a lawful requirement.

Right to restrict the processing of data. You have the right to request that Latvenergo AS restricts the processing of your personal data if:

• You believe that the data is being processed illegally or is inaccurate (the restriction will be effective while the non-contentious appeal process is in progress);
• You believe that the processing is illegal but you do not wish to delete these personal data;
• You have objected to processing and as long as it is not verified whether the legitimate grounds for the processing of Latvenergo AS are more important than your legitimate reasons;
• Latvenergo AS no longer requires your data for achieving a certain purpose, but you need it for the establishment, exercise or defence of your legal claims.

Right to object to processing. You have the right to object to the processing of your personal data at any time, based on the legitimate interests and profiling or automated decision-making set out in the Principles. Latvenergo AS has the right to continue processing your personal data if Latvenergo AS indicates compelling legitimate reasons for processing that are more important than your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right to portability. You have the right to receive your personal data that you have submitted to Latvenergo AS in an orderly, transferable and electronically scanned format, and you have the right to request that this data be sent to another Controller if these personal data are processed for the performance of a contract pursuant to Article 6, Paragraph 1, Sub-paragraph b).

Right to lodge a complaint. You have the right to lodge a complaint to Latvenergo AS, as well as to the Data State Inspectorate, if you believe that Latvenergo AS has violated your rights or has not sufficiently protected your Personal data. However, before contacting the Data State Inspectorate, please contact Latvenergo AS.

Procedure for the submission of requests

For the realisation of all the above-mentioned rights, you may use the contact information of Latvenergo AS specified in these Principles, indicating the following personal data in the request: name, surname, personal identification number, postal address (if you wish to receive a reply by registered mail) or e-mail address (if you wish to receive the answer to the email address from which you sent the request).

We invite you to submit your request in one of the following ways:

• send a free-form application electronically to the e-mail info@latvenergo.lv or fpda@latvenergo.lv, signing the application with a secure electronic signature;
• send your signed free-form application by post to: Latvenergo AS; Pulkveža Brieža iela 12, Riga, LV-1230.

General provisions

The Controller may make changes to the Principles at any time and will provide notification about them by publishing the current version of the Principles on its website.

These Principles were updated on 13th August 2024.