Dzirnavu Str. 37 – 64
LV 1010, Riga
+ 371 67 830 539
Responsible for the content
Director FES Baltic States, Peer Krumrey
This data protection declaration provides information on the nature, extent and purpose of the processing of personal data (hereinafter: ‘data’) within the framework of our online presence and its related websites, functions and contents, as well as external online presences, such as our social media profile (hereinafter: ‘online presence’). As regards the terminology employed, such as ‘personal data’ or its ‘processing’ please refer to the definitions in Art. 4 General Data Protection Regulation (GDPR).
Peer Krumrey, Dzirnavu St 37–64, LV 1010 Riga
+ 371 67 830 539, peer.krumrey(at)fes-baltic.lv
No special categories of data are processed.
Visitors and users of online content.
In what follows we refer to data subjects generically also as ‘users’ (gender-neutral).
As of: June 2020.
1. Substantive legal basis
1.1. Pursuant to Art. 13 GDPR we shall inform you of the legal basis of our data processing. If the legal basis is not specified in the data protection declaration, the following shall apply: the legal basis for obtaining consent is Art. 6 para 1 lit. a and Art. 7 GDPR; the legal basis of processing for the purpose of meeting our obligations and implementing contractual measures, as well as handling enquiries is Art. 6 para 1 lit. b GDPR; the legal basis for processing for the purpose of complying with our legal obligations is Art. 6 para 1 lit. c GDPR; and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 para 1 lit. f GDPR. In the event that the vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 para 1 lit. d GDPR shall serve as legal basis.
2. Changes and updates to the data protection declaration
2.1. We kindly ask you to keep regularly abreast of the contents of our data protection declaration. We shall adapt the data protection declaration whenever changes in our data processing make this necessary. We shall inform you of this whenever, as a result of changes, your cooperation (for example, consent) or other personal notification is required.
3. Security measures
3.1. In accordance with Art. 32 GDPR, and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk, of varying likelihood and severity, to the rights and freedoms of natural persons, we shall take appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to them, as well as related access, input, transfer, availability and separation. Furthermore, we have set up procedures to ensure the protection of data subjects’ rights, the deletion of data and a response in the event that data are compromised. Moreover, we take the protection of personal data into account from the outset in the development and selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
3.2. Security measures include, in particular, encrypted data transfer between your browser and our server.
4. Cooperation with processors and third parties
4.1. In the event that we, within the framework of our processing, disclose data to other persons and companies (processors or third parties), transmit data to them or otherwise grant them access to it, this shall occur only on the basis of legal authorisation (for example, if it is required to transmit data to a third party, such as a payment service provider, in accordance with Art. 6 para 1 lit. b GDPR, in fulfilment of a contract), providing you have given your consent, as stipulated by a legal obligation or on the basis of our legitimate interests (for example, when using agents, web hosters and so on).
4.2. In the event that we task third parties with processing data on the basis of a so-called ‘order processing contract’, this shall take place on the basis of Art. 28 GDPR.
5. Transfers to third countries
5.1. In the event that we process data in a third country (that is, outside the European Union [EU] or the European Economic Area [EEA]) or this takes place within the framework of the use of third-party services or the disclosure or transfer of data to a third party, this shall be done only if it is to comply with our (pre-)contractual obligations, on the basis of your consent, based on a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission, we shall process data or have them processed in a third country only under the special conditions laid down in Art. 44 ff. GDPR. In other words, processing takes place, for example, on the basis of special guarantees, such as the officially recognised establishment of an EU-compatible level of data protection (for example, the Privacy Shield in the case of the United States) or compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).
6. Rights of data subjects
6.1. You have the right to demand confirmation of whether personal data are being processed and for information on these data, as well as further information and copies of the data in accordance with Art. 15 GDPR.
6.2. You have the right, in accordance with Art. 16 GDPR, to demand that incomplete personal data be completed or that inaccurate personal data be rectified.
6.3. You have the right, in accordance with Art. 17 GDPR, to demand that personal data be erased without delay, or alternatively, in accordance with Art. 18 GDPR, a restriction of the processing of data.
6.4. You have the right, in accordance with Art. 20 GDPR, to demand that you receive the personal data that you have provided to us and to require that it be transferred to another controller.
6.5. You have the right, in accordance with Art. 77 GDPR, to lodge a complaint with the relevant supervisory authority.
7. Right to withdraw
7.1. You have the right, in accordance with Art. 7 para 3 GDPR, to withdraw consent with effect for the future.
8. Right to object
8.1. You can object at any time to the processing of personal data concerning you in accordance with Art. 21 GDPR.
9. Erasure of data
9.1. Data processed by us shall be erased in accordance with Art. 17 and 18 GDPR, or such processing shall be restricted. Unless it is expressly stated otherwise within the framework of this data protection declaration, any data we have stored shall be deleted, as soon as they are no longer necessary in relation to the purposes for which they were collected and such deletion does not conflict with any legal obligation to retain them. To the extent that data are not deleted because they are required for other and lawful purposes their processing shall be restricted. That is, the data shall be blocked and not be processed for other purposes. That shall apply, for example, to data that must be retained for commercial or tax law reasons.
10. Performance of contractual services
10.1. We shall process stock data to the extent previously mentioned for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para 1 lit b. GDPR. Inputs designated obligatory in online forms are required for the purpose of concluding contracts.
11. Establishment of contact
11.1. When establishing contact with us (by e-mail) the user’s data shall be used for processing the contact request and its handling in accordance with Art. 6 para 1 lit. b) GDPR.
12. Collection of access data log files
12.1. We collect data for the purposes of our legitimate interests, within the meaning of Art. 6 para 1 lit. f GDPR, on each access to the server on which this service is located (so-called server log files).
12.2. The data are also stored in our system log files.
12.3. Log file information is stored for security reasons (for example, for the purpose of clarifying abuses or fraud) for a maximum of thirty days and then deleted. Data whose further retention is required for evidence purposes shall be exempted from deletion until the incident has been finally clarified.
13.1. Cookies are information transferred from our web server to the web browser of the user and stored there, as the case may be, for later retrieval. Cookies may be small files or another form of information storage.
14. Inclusion of services and third-party contents
14.1. We use, within the framework of our online offering and based on our legitimate interests (that is, interests related to the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 para 1 lit. f GDPR), third-party contents or services in order to include their contents and services, such as videos or fonts (hereafter referred to as “contents”). This always assumes that the third-party providers of these contents recognise the user’s IP address, because without the IP address the contents cannot be sent to their browser. The IP address is thus necessary in order to view these contents. We try to use only contents whose providers use the IP address to provide their contents. Third-party providers can also use so-called pixel tags (invisible blocks of code, also known as web beacons) for statistical or marketing purposes. Pixel tags make it possible to evaluate information such as visitor traffic to a website.
14.2. The following presentation provides an overview of third-party providers, as well as their contents, as well as links to their data protection declarations, which contain further references to the processing of data and, it may be, as already mentioned, possibilities to object (so-called opt-outs):