Processing of personal data

Business Register of the Republic of Latvia (hereinafter - Enterprise Register), address - Pērses Street 2, Riga, LV - 1011, e-mail address - pasts@ur.gov.lv.

Personal Data Protection Officer: E-mail address - pasts@ur.gov.lv, phone 67031727, 67031703.

Personal data means information relating to an identified or identifiable natural person (hereinafter - data subject): the name, surname and identification of the person, such as personal code, date of birth, contact details, workplace.

The Enterprise Register shall process personal data only for the performance of its functions and tasks in conformity with the regulatory framework specified in regulatory enactments.

The Enterprise Register shall demonstrate its commitment to the protection and security of personal data under the framework of the General Data Protection Regulation, the Law on the Processing of Personal Data and other legislation, and to respect the principles of good practice in the processing of personal data in its activity:

• to process personal data legally, in good faith and transparently, by providing information on data processing processes on the website of the Enterprise Register and their legal basis and purposes (for purposes). The processing of personal data shall be carried out only by those employees whose duties include the pursuit of such activities;
• to process personal data for clear, specific and legitimate purposes, not to carry out processing with original intent in a non-compatible manner;
• apply the principle of minimizing data size and processing — process only the data necessary to achieve data processing purposes;
• ensure the accuracy of the data — rectification or updating of inaccurate data, unless otherwise specified in regulatory enactments;
• keep the data within the storage period required for the purpose of processing the data or for the purposes of legislation;
• use and continuously develop proportionate technical and organisational measures to ensure the confidentiality, integrity (invariability) and security of personal data, including protection against unauthorised or illegal processing, accidental loss or damage of data.

Processor (operator of the Enterprise Register information system):

• Association of persons Visma consulting Ltd, Unified registration No. 40103916493, legal address – Sporta Street 11, Riga, and SIA 'OAK software', Unified registration No. 40103504819, legal address – Slokas Street 185-13, Riga;
• State joint stock company 'Courthouse Agency', Unified registration No. 40003334410, legal address – Baldones Street 1B, Riga

The Enterprise Register shall carry several public registers in which information regarding rightholders and legal facts shall be registered in accordance with regulatory enactments:

• The register journal of undertakings (companies);
• The commercial Register;
• Register of associations and foundations;
• A register of political parties;
• Register of religious organisations and their institutions
• Media Register
• A register of representations and representatives of foreign merchants and organisations;
• A European register of economic interest groups;
• The Register of Arbitration Courts;
• A register of commercial pledges;
• The insolvency register;
• The matrimonial property regime register;
• A list of public persons and institutions;
• A register of the beneficial owners of legal arrangements (trusts and similar arrangements);
• A list of appraisers of the financial contribution;
• Register of public organisations (historical);
• Trade Union Register (historical);
• Register of public-private Partnership Agreements (historical), etc.

Legal justification for the processing of personal data:

• Article 6(1)(c) of the General data Protection Regulation (processing is necessary to fulfil a legal obligation relating to the controller) and (e) (performance of public administration tasks carried out in the public interest or in the exercise of official powers lawfully conferred on the controller);
• law on the Enterprise Register of the Republic of Latvia and regulatory enactments regulating the registration of relevant legal entities and legal facts (Commercial Law, Law on Trade Unions and foundations, Law on political Parties, Law on religious organisations, Law on the Press and other mass Media, Law on Arbitration Courts, insolvency Law, commercial pledge Law, Law on European Economic interest groups, Cabinet Regulation No. 401 of 3 September 2002, Cabinet of Ministers for registration of Representation and representatives of Foreign Economic operators and organisations, etc.).

Purpose (purpose) of processing personal data

• registration of rightholders and legal facts in order to establish legal status of rightholders and to ensure public credibility and availability of information on rightholders and legal facts;
• keeping registers of rightholders and legal facts.

Categories of personal data

• information identifying the natural person;
• contact details of the natural person;
• the account details of the natural person in the payment documents;
• indirect identification data.

Sources of personal data

• applications from interested parties;
• judgments of the Court,
• decisions of the national regulatory authority;
• data of other State information systems (for example, population Register, Invalid documents Register, etc.) in order to verify the correctness of data, including the status of a person (alive or dead), capacity to act, legal status;
• notifications received in the system of interconnection of registers from the foreign register in the cases specified in regulatory enactments.

Period of retention of personal data

• Current and historical data of rightholders and legal facts, i.e. entries of registers and registered information, shall be permanently stored in the Enterprise Register information system (Law on the Enterprise Register of the Republic of Latvia 4. section ⁹, Paragraph two), unless otherwise specified in regulatory enactments.
• Time periods for the storage of cases of registration of rightholders and legal facts, i.e. documents:

Rights of the data subject

• The right of access pursuant to Article 15 of the General data Protection Regulation to request and receive data processing information: legal basis for processing, purposes, categories of personal data and recipients thereof, etc.
• The right to lodge a complaint with the data State Inspectorate.

Limitation of the data subject's rights

• The right to rectify and delete personal data is limited by the Law on the Enterprise Register of the Republic of Latvia 3. section ¹ – in order to promote the security and stability of the economic and legal environment, to ensure the public credibility and availability of records of registers and the integrity and invariability of documents, a person does not have the right to rectify or erase personal data in registers kept by the Enterprise Register, in the information registered in other registers, as well as in documents included in the registration file of rightholders and legal facts until the relevant information or documents are stored in registers kept by the Enterprise Register.
• The right to data portability is limited by the third paragraph of Article 20 of the General data Protection Regulation.

The Enterprise Register shall operate in accordance with the objective of operation of the Enterprise Register specified in the Law on the Enterprise Register of the Republic of Latvia – to perform registration of rightholders in order to establish the status of rightholders and ensure public reliability and availability of data of public registers of news.

In order to strengthen the fight with money laundering and terrorism financing in the public interest, the amendments of 2019 to the Law on Prevention of money Laundering and terrorism and Proliferation financing and the Law on International and national Sanctions of the Republic of Latvia imposed an obligation on the Enterprise Register to ensure that every person has the possibility to identify online natural persons – transaction partners (beneficial owners) in order to ascertain that the restrictions specified in the Sanctions Law are not applicable to them.

Consequently, by 07.01.2020. the latest (up-to-date) information regarding the rightholders and legal facts registered in the registers kept by the Enterprise Register, including personal identification data - given name, surname, personal identity number (if the person does not have a personal identity number - date of birth and personal identification document data), shall be freely and free of charge available on the Enterprise Register information website, including unidentified users.

It should be noted that, by making public records available to unidentified users, the legislature examined whether, in the present case, a person's right to protection of his data prevails over the public interest. In view of the public disclosure objectives, it is concluded that for general public interest purposes, in particular economic and financial interests, the prevention of money laundering and for other purposes, ensuring the availability of data in the public interest as a whole is fully justified as it affects both the material (financial) situation of each individual and the risk to life (annotation of the Law of 14 November 2019, Amendments to the Law on the Enterprise Register of the Republic of Latvia, is available on the website of the Saeima).

On the website of the data State Inspectorate, which is the institution supervising the lawfulness of data processing in Latvia, the opinion of the Inspectorate regarding the publication of data of the Enterprise Register is available.

Categories of recipients of personal data

• any natural or legal person may receive:
  • On the website of the Enterprise Register - generally accessible information and documents regarding the rightholder and legal facts, including true beneficiaries (legal justification for the transfer of data - the Law on the Enterprise Register of the Republic of Latvia 4. section ¹⁰, Paragraph five and Clause 4. Article ¹¹, paragraphs one, two and three);
  • upon request, indicating the justification and purpose for the use of information - information for which restricted access status has been determined in accordance with the Regulation of the Law on the Enterprise Register of the Republic of Latvia (legal justification for the transfer of data - the Law on the Enterprise Register of the Republic of Latvia) 4. section ¹⁵, Paragraph four);
  • in the form of open data in the open data portal of Latvia, the gov.lv/lv - identifying data (given name, surname, part of the personal identity number (if there is no personal identity number - month and year of birth) of members of the board of directors of rightholders, members of the representative members or other representative officials and companies with limited access (SIA) and members (shareholders) of capital companies and the unique resource identifier granted by the Register), identifying data (given name, surname, part of the personal identity number (if there is no personal identity number, – month and year of birth), nationality, country of residence and unique resource identifier allocated by the register) (legal justification for the transfer of data – Law on the Enterprise Register of the Republic of Latvia 4. section ¹⁰, Paragraph twelve;
  • General available information of the Register information system – using the API manager of the State information systems integrator (VISA) sharing component of the State Regional Development Agency, including for re-use (legal justification for the transfer of data - Law on the Enterprise Register of the Republic of Latvia 4. section ¹⁰, paragraphs two and five). The Enterprise Register shall not transfer personal data for re-use outside the European Union or the European Economic area;
  • identifying data of the persons entitled to represent the rightholders and of the persons beneficially benefitting them through the European e-Justice Portal (E-Justice), maintained by the European Commission.
• State and local government institutions, law enforcement authorities, courts shall receive data in the amount specified in regulatory enactments for the performance of their functions (legal justification for the transfer of data – Law on the Enterprise Register of the Republic of Latvia 4. section ¹⁰, Paragraph one, Clause 4. section ¹⁵, Paragraph four).
• international organisations:
  • State institutions of the Member States of the European Union shall receive identifying data of officials of executive bodies of rightholders, using the European Union Internal market information system (Ima) (website http://ec.europa.eu/imi-net) (legal justification for the transfer of data - Section 22 of the Law on free provision of services and Cabinet Regulation No. 419 of 28.06.2016, Regulations regarding the procedures for the Exchange and supervision of information within the Internal market information system, the responsibility of institutions involved in the Exchange of information and the procedures for issuance of a European Professional Card);
  • The registry authorities of the Member States of the European Union, Islande, Liechtenstein and Norway shall receive the identification of the persons entitled to represent the rightholders through the Business registers interconnection system (BRIS). (legal justification for the transfer of data – Section 4 of the Law on the Enterprise Register of the Republic of Latvia (5. ¹³) Paragraph).

The processing of personal data of the applicant shall be carried out only by the employees of the Enterprise Register involved in the recruitment contest, ensuring the integrity, confidentiality and security of the data.

Legal basis for the processing of personal data:

• Article 6(1)(c) of the General Data Protection Regulation (processing is required to fulfil a legal obligation applicable to the controller) and (a) (the data subject has given consent to the processing of his data expressed in the transmission of his data to the recruitment competition);
• Article 7, Article 8 and Article 9 of the National Civil Service Law;
• Article 38 of the Labour Act.

Purpose of processing personal data (purpose)

Recruitment for establishing employment or civil service legal relationships.

Personal Data Categories

• information identifying the natural person;
• contact details of the natural person;
• educational data of a natural person;
• data on the experience and skills of a natural person.

Date of storage of personal data

1 year (after closing the competition)

Rights of the data subject

• the right of access to request and receive information on the processing of their data in the Enterprise Register in accordance with Article 15 of the General Data Protection Regulation;
• the right to correct inaccurate data;
• the right to delete their data;
• right to lodge a complaint with the State Data Inspectorate.

The Enterprise Register shall record the telephone calls 67031703 of the informative phone. Conversation records shall be stored to ensure their integrity, confidentiality and security.

Processor: company with limited liability SIA 'Helmes Latvia', single registration number 40003016728, registered office – Mūkusalas Street 42D, Riga.

Legal basis for the processing of personal data

• Article 6(1)(e) of the General Data Protection Regulation (performance of public administration tasks carried out in the public interest or in the exercise of official powers legally conferred on the controller) and (f) (processing is necessary to meet the legitimate interests of the controller or third party);
• Section 10, Paragraph six of the Law on State Administration Equipment (obligation to verify and improve the quality of the services provided to the public).

Purpose of processing personal data (purpose)

Quality assurance and improvement of advice, handling complaints about the behaviour of the Authority

Personal Data Categories

Voice and information provided by a natural person

Date of storage of personal data

2 months, then the phone entries are permanently deleted.

Rights of the data subject

Right to lodge a complaint with the State Data Inspectorate.

Transfer of personal data

A telephone entry may be issued to law enforcement authorities on the basis of a reasoned request.

Messages received by pasts@ur.gov.lv shall be reviewed at the official electronic mail address of the Enterprise Register, ensuring the integrity, confidentiality and security of messages.

Processor: State stock company 'Courthouse Agency', single registration number 40003334410, registered office: Baldones Street 1B, Riga.

Legal basis for the processing of personal data

• Article 6(1)(e) of the General Data Protection Regulation (performance of public administration tasks carried out in the public interest or in the exercise of official powers legally conferred on the controller) and (f) (processing is necessary to meet the legitimate interests of the controller or third party);
• Section 10, Paragraph six of the Law on State Administration Equipment (obligation to verify and improve the quality of the services provided to the public).

Purpose of processing personal data (purpose)

Provision of advice and information, quality assurance and improvement, receipt and transmission of electronic documents, handling complaints about the conduct of an institution

Personal Data Categories

• information identifying the natural person;
• contact details of the natural person;
• information provided by a natural person.

Date of storage of personal data

1 year, then emails are permanently deleted.

Cookies (cookies) are small text files downloaded and stored on your computer or mobile device during a website visit. Cookies help to keep track on how you used the website and keep track of pages you visited, store your information and remember your choices such as language settings. The use of cookies support us in providing you with a good experience in browsing the site, as well as improving the website. The text file can only be read by this website. This text file is not harmful, cannot contain a virus or program code, and cannot be linked to a specific person or IP address.

Legal basis for the processing of personal data

• Article 6(1)(a) of the General Data Protection Regulation — Consent of the data subject;
• Section 10, Paragraph six of the Law on State Administration Equipment (obligation to verify and improve the quality of the services provided to the public);
• Cabinet Regulation No. 399 of 4 July 2017, Procedures for the Accounting, Quality Control of Public Administration Services, paragraph 23 (obligation to obtain search and use statistics in order to improve the ease of use of your website or application).
• Information Society Services Act 7. Article ¹, second paragraph.

Purpose of processing personal data (purpose)

Cookies are needed to make it easier for the user to use the digital services of the Enterprise Register. Cookies enable the Enterprise Register to improve and adapt the functions of the website and the services offered to the needs of users, by gathering information on visitors’ experience on the Enterprise Register websites.

Categories of cookies by the purpose of use

Cookies by category of use are divided into the following categories:

• Technical (or required) cookies without which the functioning of the website is technologically impossible or significantly constrained. These cookies are necessary to enable the basic features of this site to function, . and therefore cannot be excluded, in accordance with Section 7.1 (2) of the Information Society Services Act, the user's consent to use this category of cookies is not necessary;
• Personalized (or visitor settings) cookies: allows the application to remember the user preference on the site, such as the language selected, the number of search results requested etc.. Personalized cookies do not require the user consent, these cookies are responsible for a service that is directly selected by users (e.g your labguage selection). When users choose their own conditions of use,cookies are used only for this purpose, the relevant cookies shall be exempt from the provisions of Section 7.1 (2) of the Information Society Services Law;
• Analytical and statistical cookies: Allows the cookie manager to follow and analyze users' behaviour on the website (list number of visits and sources) so that we can evaluate and improve the perfromance of our website. They help us to understand which pages are the most and the least popular,and how users use our site. User consent is required to process such cookies.

The following cookies are used on the www.ur.gov.lv website:

Technical cookies - provide basic features and correct functioning of the site, the website will not be able to function properly without these cookies

Personalised cookies - responsible for a service directly requested by users (language selection, number of search results requested, service aspect or content, depending on your browser). When users choose their own conditions of use, consent to cookies is not required

Analytical cookies - the website uses Google Analytics software cookies that help obtain anonymous information about a visitor's activities on a website (such as a visited page, visit date, etc.), which is used for statistics and analysis, according to the stated purposes

The website uses cookies created by Google Inc. 's 'Google Analytics' program. The purpose of using these cookies is to improve the quality of the content of our website and to adapt the content to the needs of users. The information generated by these cookies is sent to the Google server in the US and stored there. However, personal data (your IP address) through IP-anonymisation is truncated within the territory of the European Union or the European Economic Area and may only be released for processing on Google servers located in the United States in exceptional cases. Google uses this information to assess how you use the relevant website to produce reports on visitor activity on the site and to provide other services related to the use of the site. Google does not in any way associate the IP address received here with any other information available to Google. If necessary, Google may provide this information to third parties if it is statutory or if it is processed on behalf of Google by a third party.

Without accepting the use of statistical cookies, visit data is not included in the Google Analytics statistics.

You can read more about the Google Analytics Terms of Service on the http://www.google.com/analytics/terms/us.html website.

Consent/non-consent/withdrawal of consent for the creation of cookies

When you visit a website, the user is presented with a message window that the website uses cookies. If you click the “Accept” option, it will mean that you are familiar with the information about cookies, the purposes of their use, when the information is passed on to the third parties and have agreed to use of all cookies on the website.

By pressing the 'Decline' button, you will not agree with the use of an analytical (statistical) cookie, but the technical cookies that are necessary to ensure the functioning of the site will still work and do not need to obtain the user's consent.

For technical cookies, user consent is not required because these cookies provide a complete and continuous display of website content so that you can sign in to the website and have adequate experience of digital browsing and online use.

For personalized cookies, they are exempted from the need for consent, given that cookies are responsible for a service directly requested by the user (e.g. by choosing the language of the website).

How you can control and delete cookies

If you want, you can control and delete cookies. You can delete all the cookies on your computer, and most browsers can be set up to block acceptance of all cookies on your computer. However, if you do, you will need to adjust some settings manually every time you visit the site, and some services and functions may not work.

You can get more information about cookies, including how they can be managed or deleted, on the www.aboutcookies.org website.

In the information systems under the management of the Enterprise Register, including the website, the activities carried out are audited in accordance with the procedures laid down in the legislation in order to create audit records (for analysis, records recording data on specific events are available (e.g. data on access to the information system, data entry, modification, deletion, retrieval, etc.).

Legal basis for the processing of personal data

• Article 6(1)(c) of the General Data Protection Regulation (processing is necessary to fulfil a legal obligation applicable to the controller);
• Section 37 of the Law on the Processing of the Data of Natural Persons;
• Cabinet Regulation No. 23, Regulation No. 07.01.2020, Regulations for Issuing the Enterprise Register of the Republic of Latvia and Price List of Payment Services;
• Cabinet Regulation No. 764, regulation 11.10.20202020, General Technical Requirements for State Information Systems, paragraph 4.3;
• Cabinet Regulation No. 442 of 28.07.2015, Procedures for ensuring compliance of information and communication technology systems with minimum safety requirements, paragraphs 15.10 and 24.6.

Purpose of processing personal data (purpose)

• On the website of the Enterprise Register, the identity of the person who requested and received the information available in authentication on the website of the Enterprise Register;
• Ensuring the security of the information system of the Enterprise Register and other information systems under its supervision.

Personal Data Categories

• personal authentication data;
• connection metadata: user access data, information selection parameters, traffic and IP address information.

Rights of the data subject

• access rights;
• the right to lodge a complaint with the State Data Inspectorate.

Date of storage of personal data

In the Enterprise Register information system, on the Enterprise Register information issue website – 18 months, in another information resource – 6 months, the audit trail is automatically permanently deleted.

Transfer of personal data

In the event of an information system security incident, the data may be transmitted to a law enforcement authority on the basis of a reasoned request.

The Enterprise Register shall ensure the possibility of receiving data services in a standardised manner, using the API Manager sharing components of the National Information System integrator (ALL). The Enterprise Register shall process as a controller the data of the natural persons (users of services) indicated in the data importer's application.

Legal basis for the processing of personal data

• Article 6(1)(c) of the General Data Protection Regulation (processing is necessary to fulfil a legal obligation applicable to the controller);
• 4 of the Law On the Enterprise Register of the Republic of Latvia. Article ⁸, fourth paragraph.

Purpose of processing personal data (purpose)

• to transfer information to the State Regional Development Agency for the establishment of access, which ensures the receipt of information from registers carried by the Enterprise Register;
• where necessary, for contacts with the persons identified in the application in the various data exchange issues.

Personal Data Categories

• the identifying information of the natural person identified in the data importer's application;
• contact details of the natural person indicated in the data importer's application.

Rights of the data subject

•  the right to lodge a complaint with the State Data Inspectorate.

Date of storage of personal data

10 years

Transfer of personal data

The data referred to in the data application may be transmitted to the law enforcement authority on the basis of a reasoned request.

Data shall not be transmitted to third parties or third countries.

We are informed that the personal data indicated in the data importer's application is also processed by the National Regional Development Agency (Valsts digitālās attīstības aģentūra or VDAA):

Legal basis for the processing of personal data by the VDAA

• Article 6(1)(c) of the General Data Protection Regulation (processing is necessary to fulfil a legal obligation applicable to the controller);
• Section 10, Paragraph two of the Law on State Information Systems;
• Cabinet Regulation No. 374, Regulations Regarding the Integration of State Information Systems, 14.06.2016;
• Cabinet Regulation No. 442 of 28.07.2015, Procedures for ensuring compliance of information and communication technology systems with minimum safety requirements, paragraph 15.10.

Purpose of processing personal data (purpose)

• ensuring the circulation of data between VDAA and third party systems;
• ensure verification of the identity and access rights of the users of the national information system;
• ensure the existence of service metadata and personal identity certificates for investigations or claims processing.

For the receipt of information regarding the State Digital Development Agency as curators, the data protection specialist and the processing of data carried out shall be invited to refer to the The State Digital Development Agency - https://www.vdaa.gov.lv/en/privacy-policy

Processor (operator of the Enterprise Register information system):

• Association of persons Visma consulting Ltd, Unified registration No. 40103916493, legal address – Sporta Street 11, Riga, and SIA 'OAK software', Unified registration No. 40103504819, legal address – Slokas Street 185-13, Riga;
• State joint stock company 'Courthouse Agency', Unified registration No. 40003334410, legal address – Baldones Street 1B, Riga

Within the scope of its competence the Enterprise Register shall evaluate, register, record and update information regarding the application of sanctions specified by the Member State of the International and national and North Atlantic Treaty Organisation to legal entities or persons registered or entered in public registers.

Legal justification for the processing of personal data:

• Paragraphs 1(c) (processing is necessary to fulfil a legal obligation relating to the controller) and (e) (performance of public administration tasks in the public interest or in the exercise of official powers vested in the controller) of the general data protection regulaspant;
• section 4, Clause 5 of the Law on the Enterprise Register of the Republic of Latvia. paragraph ¹⁵, second, third and fourth paragraphs of Article ², 4. ¹⁰ Twelfth (4) and (4). points (d) and (e) of the first paragraph of Article ¹⁵, paragraph 49 of the transitional provisions;

Purpose (purpose) of processing personal data

• registration of sanctioning entities in order to ensure public access to information on sanctioning entities and sanction risks.

Categories of personal data

• personal identification information.

Sources of personal data

• laws, decisions, information provided by other bodies;
• Information in the registers kept by the Enterprise Register and documents at the disposal of the Enterprise Register.

Availability of personal data

Data identifying natural persons of sanction subjects: given name, surname, personal identity number (if the person does not have a personal identity number - date of birth) and nationality, shall be freely and free of charge available on the website of the Enterprise Register, including unidentified users. Until the development of the appropriate technical solution, but no later than 02.06.2025, details of the sanctions subjects shall be published on the Enterprise Register website in the form of a summarised list.

Period of retention of personal data

• Current and historical data of rightholders and legal facts, i.e. entries in registers and registered information, shall be permanently stored in the information system of the Enterprise Register (4 of the Law on the Enterprise Register of the Republic of Latvia. section ⁹, Paragraph two).

Rights of the data subject

• The right of access pursuant to Article 15 of the General data Protection Regulation to request and receive data processing information: legal basis for processing, purposes, categories of personal data and recipients thereof, etc.
• The right to lodge a complaint with the data State Inspectorate.

Limitation of the data subject's rights

• The right to rectify and erase personal data is limited to Section ¹ of the Law on the Enterprise Register of the Republic of Latvia – in order to promote the security and stability of the economic and legal environment, to ensure public credibility and availability of records of registers and the integrity and unity of documents, a person does not have the right to rectify or erase personal data in records kept by the Enterprise Register, in the information registered in other registers, as well as in documents included in the registration file of rightholders and legal facts until the relevant information or documents are stored in the registers kept by the Enterprise Register.

The right to data portability is limited by the third paragraph of Article 20 of the General data Protection Regulation.