Processing of personal data
8. Processing personal data in audit records for information systems
In the information systems under the management of the Enterprise Register, including the website, the activities carried out are audited in accordance with the procedures laid down in the legislation in order to create audit records (for analysis, records recording data on specific events are available (e.g. data on access to the information system, data entry, modification, deletion, retrieval, etc.).
Legal basis for the processing of personal data
- Article 6(1)(c) of the General Data Protection Regulation (processing is necessary to fulfil a legal obligation applicable to the controller);
- Section 37 of the Law on the Processing of the Data of Natural Persons;
- Cabinet Regulation No. 23, Regulation No. 07.01.2020, Regulations for Issuing the Enterprise Register of the Republic of Latvia and Price List of Payment Services;
- Cabinet Regulation No. 764, regulation 11.10.20202020, General Technical Requirements for State Information Systems, paragraph 4.3;
- Cabinet Regulation No. 442 of 28.07.2015, Procedures for ensuring compliance of information and communication technology systems with minimum safety requirements, paragraphs 15.10 and 24.6.
Purpose of processing personal data (purpose)
- On the website of the Enterprise Register, the identity of the person who requested and received the information available in authentication on the website of the Enterprise Register;
- Ensuring the security of the information system of the Enterprise Register and other information systems under its supervision.
Personal Data Categories
- personal authentication data;
- connection metadata: user access data, information selection parameters, traffic and IP address information.
Rights of the data subject
- access rights;
- the right to lodge a complaint with the State Data Inspectorate.
Date of storage of personal data
In the Enterprise Register information system, on the Enterprise Register information issue website – 18 months, in another information resource – 6 months, the audit trail is automatically permanently deleted.
Transfer of personal data
In the event of an information system security incident, the data may be transmitted to a law enforcement authority on the basis of a reasoned request.