Privacy Policy

+371 27 81 53 96

Principles for the Processing of Clients’ Personal Data

1. Definitions

LR – Republic of Latvia
EU/EEA – European Union / European Economic Area
The Bureau – JSC “PADVA, PARINOV UN PARTNERI”
Client – any natural person who is using, has used, or has expressed the wish to use the Bureau's services, or is otherwise related to such services
Personal Data – any information that directly or indirectly relates to a Client
Sensitive Personal Data – data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, data concerning health, sex life or sexual orientation, as well as genetic and biometric data and criminal convictions
Processing of Personal Data or Processing – any operation performed on Personal Data, such as collection, recording, organisation, structuring, storage, alteration, access, retrieval, transfer, deletion, or destruction
Data Processor – any person authorised by the Bureau to process Personal Data on its behalf

2. General Provisions
2.1. These principles outline the general rules for the processing of Clients’ Personal Data. Specific service agreements may include additional rules, including but not limited to the processing of Personal Data outside the EU/EEA, or the processing of sensitive data.

2.2. The Bureau ensures the confidentiality of Personal Data and applies appropriate technical and organisational measures to protect it from unauthorised access, unlawful processing or disclosure, and accidental loss, alteration, or destruction, in accordance with applicable legal acts.

2.3. The Bureau may engage authorised data processors. In such cases, the Bureau takes all necessary steps to ensure that data processors act in accordance with the Bureau’s instructions and relevant regulations, and implement adequate security measures.

2.4. The Bureau’s cookie policy is published on its website www.padva.eu.

2.5. The Bureau does not make decisions that have legal consequences solely or predominantly based on automated processing. Automated tools may be used as a supporting measure but do not replace human decision-making.

2.6. If the Bureau violates these Principles and such violation may result in a high risk to the rights and freedoms of the data subject, the Bureau shall notify the affected individual without undue delay.

3. Categories of Personal Data
3.1. Personal data may be obtained from the Client, as a result of the Client using the services, or from third-party sources, such as public and private registers or other third parties. The categories of personal data that the Bureau primarily, but not exclusively, collects and processes include:
3.1.1. Identification data, such as name, surname, personal identification number, date of birth, and identity documents (e.g., passport or ID card copy). Copies of identity documents are primarily required for verifying citizenship, residence, document validity, and other information necessary to fulfill contractual and legal obligations in the field of immigration law and in cross-border contexts.
3.1.2. Contact information, such as address, phone number, email address, preferred communication language.
3.1.3. Family data, including information about the Client’s family members, heirs, and other related individuals.
3.1.4. Insurance-related data, including insured persons and third parties affected by claims.
3.1.5. Legal entity affiliation data, including data provided or obtained from public registers or third parties regarding transactions on behalf of a legal entity.
3.1.6. Professional data, such as educational background or professional experience.
3.1.7. Financial data, such as bank accounts, ownership rights, transactions, loans, income, liabilities, investment objectives, and data collected during service provision or while assessing and managing investment risks.
3.1.8. Source of wealth data, such as business activity and information about the Client’s business partners.
3.1.9. Due diligence and reliability data, including financial behavior, losses or damages caused to the Bureau or third parties, and information required for anti-money laundering (AML), combating the financing of terrorism (CFT), and international sanctions compliance. This may also include the purpose of the relationship and politically exposed person (PEP) status.
3.1.10. Regulatory compliance data, such as information requested by law enforcement, tax authorities, courts, or bailiffs, including income, debts, assets, and legal records.
3.1.11. Tax residency data, such as country of residence, taxpayer identification number, and citizenship.
3.1.12. Communication data, such as video and audio recordings from office visits or service locations, phone conversations, emails, messages, and social media interactions.
3.1.13. Service-related data, including performance or non-performance of agreements, active and expired contracts, submitted applications, requests, complaints, service payments, and insurance history.
3.1.14. Preference and satisfaction data, including usage patterns, service usage statistics, survey responses, and satisfaction metrics.
3.1.15. Special category data, such as health information, association memberships, and criminal records.

4. Purposes and Legal Basis for Personal Data Processing
The Bureau processes Personal Data primarily for the following purposes:
4.1. To manage client relationships and provide access to services and products; to conclude and perform contracts (e.g., transactions with the Client); to ensure the accuracy and completeness of data through internal or external verification, based on:

performance of a contract or taking steps at the Client’s request prior to entering into a contract, or
compliance with a legal obligation.

4.2. To assess creditworthiness and risk, including internal evaluations to determine what services and under what conditions may be offered; to meet the Bureau’s internal calculation and analysis needs, based on:

performance of a contract or pre-contractual steps at the Client’s request, or
compliance with a legal obligation, or
the Bureau’s legitimate interest in maintaining accurate and up-to-date Personal Data.

4.3. To protect the interests of the Client and/or the Bureau and evaluate service quality, and to provide evidence of commercial transactions and other communication (e.g., call recordings), based on:

contract performance or pre-contractual steps,
legal obligations,
Client’s consent, or
the Bureau’s legitimate interest in preventing, limiting, or investigating misuse or interference with its services, or for internal training and service quality assurance.

4.4. To ensure the security of the Bureau and/or the Client, to protect life and health, and to safeguard the rights and property of the Bureau and its Clients (e.g., video and/or audio recordings), based on:

the Bureau’s legitimate interest in protecting its clients, staff, premises, and assets.

4.5. To offer additional services, conduct surveys, market analysis, and gather statistics, including personalized offers from the Bureau or trusted partners, based on:

Client’s consent or
the Bureau’s legitimate interest in offering relevant additional services.

4.6. To conduct customer satisfaction surveys, analyze the market, organize games or campaigns, based on:

the Bureau’s legitimate interest in improving its services and customer experience, or
Client’s consent.

4.7. To fulfill legal obligations and verify identity, including compliance with applicable laws and international agreements (e.g., responsible lending, customer due diligence, “Know Your Customer” requirements), disclosure of investment-related transactions to competent authorities, and efforts to prevent money laundering, terrorism financing, and PEP identification, based on:

contract performance or pre-contractual steps,
compliance with a legal obligation, or
the Bureau’s legitimate interest in managing enterprise-wide risks.

4.8. To prevent misuse and ensure service quality, prevent unauthorized access or use, and ensure information security, based on:

contract performance or pre-contractual steps, or
legal obligation compliance.

4.9. To improve IT systems and infrastructure, adapt service interfaces for different devices, and develop new services, based on:

the Bureau’s legitimate interest in improving technical capabilities and user experience.

4.10. To establish, exercise, and defend legal claims, based on:

contract performance or pre-contractual steps,
compliance with legal obligations, or
the Bureau’s legitimate interest in enforcing its legal rights.

5. Recipients of Personal Data
Personal Data may be disclosed to the following categories of recipients:
5.1. Public authorities, including law enforcement agencies, bailiffs, notaries, tax administrations, supervisory authorities, and financial intelligence units.

5.2. Credit institutions and financial service providers, including insurance service providers and financial intermediaries, as well as third-party entities.

5.3. Auditors, legal advisors, financial consultants, or other data processors acting on behalf of the Bureau.

5.4. Third-party registry holders, such as credit registries, population registers, commercial registers, securities registers, and other databases containing or transmitting Client’s Personal Data.

5.5. Debt collectors, based on the assignment of claims; courts and out-of-court dispute resolution bodies, as well as bankruptcy or insolvency administrators.

5.6. Other entities involved in service provision, including:

archiving service providers,
postal service providers,
third parties offering services for which the Client has requested e-invoicing,
healthcare providers (in the case of life insurance),
sellers of leased assets and their authorized servicing entities,
and companies responsible for managing payments and fines related to such leased assets.

6. Geographic Area of Processing
6.1. As a general rule, Personal Data is processed within the European Union (EU) and European Economic Area (EEA). However, in specific cases, Personal Data may be transferred to and processed in countries outside the EU/EEA.

6.2. The transfer and processing of Personal Data outside the EU/EEA may occur if there is a legal basis, such as:

a contractual requirement or pre-contractual measures at the request of the Client;
the Client’s consent;
other legal grounds supported by appropriate security measures.

Acceptable security measures may include:

contracts containing the EU’s Standard Contractual Clauses (SCCs) or other rules, codes of conduct, or certifications approved in accordance with the GDPR;
transfer to a third country recognized by the European Commission as ensuring an adequate level of data protection;
transfer to a recipient certified under the Privacy Shield framework, where applicable (see: https://www.privacyshield.gov/welcome).

6.3. Upon request, the Client may obtain further details regarding the transfer of their Personal Data outside the EU/EEA.

7. Data Retention Period
7.1. Personal Data is processed only for as long as necessary to fulfill the purposes for which it was collected. The retention period may be based on:

an agreement with the Client;
the legitimate interests of the Bureau;
or applicable legal requirements (e.g., laws on accounting, anti-money laundering, statutes of limitations, civil law, etc.).

8. Client Rights as a Data Subject
In accordance with applicable data protection laws, the Client (as a data subject) has the following rights with regard to the Processing of their Personal Data:

8.1. Right to rectification – to request correction of their Personal Data if it is inaccurate, incomplete, or incorrect.

8.2. Right to object – to object to the Processing of their Personal Data if the use is based on the Bureau’s legitimate interests, including profiling for direct marketing purposes (e.g., receiving marketing offers or participating in surveys).

8.3. Right to erasure – to request the deletion of their Personal Data, for example, if the data is processed based on the Client’s consent. This right does not apply if the Personal Data is also processed on another legal basis, such as a contract or legal obligation.

8.4. Right to restriction of processing – to restrict the Processing of their Personal Data in accordance with applicable legal acts, for example, during the period in which the Bureau is assessing whether the Client has the right to erasure.

8.5. Right of access – to obtain information on whether the Bureau is processing their Personal Data and, if so, access to such data.

8.6. Right to data portability – to receive their Personal Data that they have provided to the Bureau, which is being processed based on consent or a contract, in a commonly used electronic format and, where technically feasible, to transmit such data to another service provider.

8.7. Right to withdraw consent – to withdraw previously given consent to the Processing of Personal Data.

8.8. Right to lodge a complaint – to file a complaint with the Data State Inspectorate (www.dvi.gov.lv) if the Client believes that the Processing of their Personal Data violates their rights and interests as defined by applicable law.

9. Contact Information
9.1. Clients may contact the Bureau with any questions, to withdraw consent, make requests, exercise their data subject rights, or submit complaints related to the use of their Personal Data.

9.2. The Bureau’s contact details are available on its website: www.padva.eu

10. Validity and Amendments of the Principles
10.1. These Principles are available to clients at the Bureau’s office and on the website: www.padva.eu.

10.2. The Bureau reserves the right to unilaterally amend these Principles at any time in accordance with applicable legal acts, by notifying the Client of such amendments at the Bureau’s offices, on the website, by post, email, through online banking messages, or by any other means (e.g., during a personal meeting with a representative of the Bureau) no later than one month before the amendments take effect.

Riga, 4 July 2025

Copyright Notice
The content (materials) published and displayed on www.padva.eu is protected under the Copyright Law of the Republic of Latvia. Any copying, modification, storage, archiving, or full or partial publication of the materials published on www.padva.eu is prohibited without the prior written consent of PADVA, PARINOV UN PARTNERI.

Legal Disclaimer
The information provided on www.padva.eu does not constitute and should not be considered legal advice. Although we strive to ensure that the information on this website is accurate and reflects the latest legal developments, legal advice can only be given by a qualified attorney or specialist who is familiar with the specific facts of your case.