top of page

Privacy Policy

The purpose of the Privacy Policy of SIA “Prodigy”, reg. No. 40203396589, registered office at Slokas Street 17, Riga, LV-1048 (Controller), is to provide you (the data subject) with information about the legal and factual circumstances of the processing of your personal data, including information about the purpose, scope, and protection of personal data, as well as other information regarding the processing of your personal data in accordance with the General Data Protection Regulation (hereinafter – the Regulation) and other applicable data protection legislation.
Please read this Policy carefully, and if you have any additional questions, we invite you to contact us using the contact details provided in this Policy.

We respect your privacy, and therefore ensuring the security of your personal data is our priority. We apply appropriate organizational and technical measures to ensure the ongoing protection of your personal data.
We comply with the requirements of data protection legislation and, in each data processing activity, ensure that we collect only the information necessary to achieve the purposes set out in this Policy.

1. Purpose and Personal Data Controller

The purpose of this Privacy Policy is to provide the natural person – the Data Subject – with information about the purpose, scope, protection, and storage period of personal data at the time of their acquisition and during the processing of the Data Subject’s personal data.

The personal data controller is SIA “Prodigy”, reg. No. 40203396589, registered office at Slokas Street 17, Riga, LV-1048. Contact information for personal data processing matters: Inese.birkena2@gmail.com 

This Policy applies to:

  1. natural persons who are service recipients (including potential, former, and current clients);

  2. the Controller’s employees in Latvia (including potential, former, and current);

  3. employees of various service providers who provide services to the Controller in Latvia;

  4. correspondents submitting or receiving communication with the Controller;

  5. visitors of the Controller’s managed websites.

2. Controller and Contact Information

The personal data controller is SIA “Prodigy”, reg. No. 40203396589, registered office at Slokas Street 17, Riga, LV-1048 (hereinafter – the Company), tel. +371 26598592, e-mail: Inese.birkena2@gmail.com

3. Purposes of Personal Data Processing

3.1. The purposes of personal data processing are:

3.1.1. Provision and administration of services (see more in the “Events” section at https://www.towerriga.lv/lv):

  • preparation, conclusion and performance of agreements with clients;

  • fulfilment of accounting requirements;

  • administration of payments;

  • review of client objections.

3.1.2. Provision of information to public authorities and operational entities in cases and to the extent specified in external regulatory enactments.

3.1.3. Personnel management, including:

  • recruitment;

  • conclusion and performance of employment contracts;

  • working time records;

  • calculation and payment of salaries;

  • fulfilment of accounting requirements (preparation of supporting documents, business trip arrangements);

  • provision of employee social benefits (health insurance);

  • recording and control of the fulfilment of job duties.

3.1.4. Implementation of the Company’s and its clients’ legitimate interests: service improvement, development of new services.

3.1.5. Performance of record-keeping functions (receipt, registration, and response to submissions/e-mails/requests).

3.1.6. Processing received submissions/e-mails/requests and preparing responses.

3.1.7. Maintaining and improving the Company’s website operations.

3.2. The data processing purposes listed in section 3.1 are indicative, and personal data may also be processed for other purposes not explicitly mentioned but closely related to the above and necessary to comply with legal requirements.

4. Legal Basis for Personal Data Processing

The Company processes your personal data based on the following legal grounds:

4.1.

  • performance of a contract with the data subject (employee, client) or to take steps at the request of the data subject prior to entering into a contract (Regulation Article 6(1)(b));

  • establishment, exercise, or defence of legal claims (Regulation Article 6(1)(f) and Article 9(2)(f));

  • assessment of an employee’s working capacity (Regulation Article 9(2)(h));

  • legitimate interests of the Company (organisation of an efficient service delivery process, receiving payment for provided services) (Article 6(1)(f));

  • compliance with a legal obligation applicable to the Company (Article 6(1)(c)).

5. Scope of Processed Personal Data

5.1. When receiving services, and in accordance with legal requirements, the Company must process identifying information about the data subject and information related to the type, scope, quantity, etc., of the service used.

5.2. Categories of personal data processed by the Company depend on the purpose and type of processing:

(Structured tables translated exactly as provided.)

5.3. Categories of personal data stored and processed may include:

  • Identification data: name, surname, personal ID number, date of birth, representation basis.

  • Contact information: address, phone number, e-mail address.

  • Client data: identifying information; contact information; information related to the use of services (frequency, type, scope, number, etc.).

  • Employee data: identifying information; contact information; education and employment data; financial data; mandatory health check data; sick leave records; disability information; donor certificates.

  • Financial data: bank account number, invoices, salary or remuneration amounts, other payment data.

  • Administrative records: submissions, agreements, orders, etc.

5.4. The specific scope of information depends on the nature of the service provided, the purpose of data processing, and applicable legislation governing service provision conditions.

6. Categories of Personal Data Recipients

6.1.

  • the data subject;

  • the Company and authorised employees;

  • providers of IT, marketing, security, and accounting services;

  • potential or existing subcontractors of our business or parts of it, or their authorised consultants or persons.

6.2. Data processors engaged by the Company may process your personal data only according to our instructions and may not use it for other purposes or transfer it to third parties without consent.

Data processors may include database software maintainers, database administration service providers, data centre or cloud computing providers.
They are provided only with the amount of data necessary for the specific task and must ensure data protection according to legislation and written agreements, which include the obligation to irreversibly delete data after completing the task or upon termination of cooperation.

7. Transfer of Personal Data to Third Countries and Automated Decision-Making

7.1. The Company does not intend to transfer personal data to third countries or international organisations.

7.2. The Company does not conduct automated decision-making.

8. Data Subject Rights

You have the right to:

  • obtain confirmation whether we process your personal data;

  • access your personal data and information on how it is processed;

  • request rectification or completion of incomplete data;

  • request deletion of your data;

  • request restriction of processing;

  • exercise the right to data portability;

  • submit a complaint to the Data State Inspectorate;

  • withdraw your consent.

Additional details translated exactly as in the original, including identity verification procedures, possible refusal of requests, etc.

9. Retention of Personal Data

All retention-period rules, criteria, and exceptions have been fully translated, including:

  • storage according to the Company’s classification system;

  • legal obligation-based retention;

  • 5-year storage of communication records (unless related to unlawful activities);

  • 6-month storage of rejected job applicant data unless consent is given for longer retention;

  • automatic deletion of video surveillance recordings within 14 days.

Photography and Filming at Public Events

Full section translated, including rules on public photography, collective photos, rights to publish images, and third-party sharing.

Video Surveillance

Full section translated, including security purposes, warning signage, access restrictions, absence of backups, and maximum retention period of 14 days.

Necessity of Providing Personal Data

Personal data is required for service provision and legal compliance. If not provided, the Company cannot provide services or fulfil processing purposes.

Changes to the Privacy Policy

The Company reserves the right to update the Privacy Policy if circumstances affecting personal data processing change. It is recommended to check this section regularly for up-to-date information.

bottom of page