Privacy Policy

The purpose of the Privacy Policy is to provide the natural person - the data subject - with information on the purpose, legal basis, scope, protection and duration of the processing of personal data at the time of collection and processing of the data subject's personal data.

I. The manager and his contact details
  1. The controller of personal data processing in relation to seminar/event attendees, clients, website visitors, as well as candidates for vacancies who have submitted an application, is SIA "Kreiss", single registration No 40103116320, registered office at "Bērzlapas 5", Mārupe, Mārupes novads, LV-2167 (hereinafter - the Company).
  2. The contact details of the Company for matters related to the processing of personal data, including for notification of possible data breaches, is datuaizsardziba@kreiss.lv.
  3. You can ask questions about the processing of personal data using the contact details below or by contacting the Company's registered office. A request to exercise your rights may be made in accordance with paragraph 24.
II. General provisions
  1. Personal data means any information relating to an identified or identifiable natural person.
  2. This Privacy Policy applies to ensure the privacy and protection of personal data of the following groups (collectively, "Customers"):
    • natural persons - candidates (applicants)
    • for visitors to seminars/events;
    • The company's customers (including potential, former and existing);
    • Visitors to websites maintained by the company.
  1. The Company cares about the privacy and personal data protection of the Clients, respects the rights of the Clients to the lawfulness of personal data processing in accordance with the applicable legislation - the Law on Processing of Personal Data, Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter - the Regulation) and other applicable legislation in the area of privacy and data processing.
  2. The Privacy Policy applies to data processing regardless of the form and/or medium in which the Customer provides personal data (in person, on the Company's website, on paper or by telephone).
III. Purpose of the processing of personal data
  1. The company processes personal data for the following purposes:
    • For the provision of services:
      • To identify the representative of the client (legal entity);
      • for the preparation and conclusion of the contract
      • for the supply of services (performance of contractual obligations)
      • for the development of new services
      • to deal with objections or complaints;
      • to administer the settlements;
      • debt recovery and enforcement
      • to maintain and improve websites
      • For business planning and analytics;
      • For customer safety, protection of company property;
    • To ensure the conduct of the recruitment competition and to safeguard its legitimate interests insofar as they relate to recruitment:
      • to assess the candidate's suitability for the vacancy;
      • to award the contract to the candidate who meets the Company's requirements;
      • to bring, pursue and defend the Company's legal claims.
    • the legitimate aims of the company:
      • to carry out commercial activities
      • verify the identity of the Client (legal entity representative or authorized person, natural person) before purchasing the services;
      • ensure compliance with the obligations of the contract;
      • to store Customer applications and service requests;
      • segment the customer database for more efficient service delivery
      • design and develop services
      • send other reports on the progress of the Contract and events relevant to the performance of the Contract, as well as conduct Customer surveys on the Services;
      • to prevent fraudulent activities against the company;
      • provide corporate governance, financial and business accounting and analytics
      • ensure effective corporate governance processes
      • ensure and improve the quality of services
      • administer payments
      • video surveillance for business security
      • keep the public informed about your activities.
  2. The company may process candidates' personal data for recruitment purposes for the specific vacancy for which the candidate applies or for future-oriented recruitment if the candidate has consented to this.
IV. Legal basis for processing personal data
  1. The legal basis for the processing of personal data by the company for the following purposes:
    • Provision of services:
      1. Article 6(1): (b) (processing is necessary for performance of a contract to which the data subject is a party or for taking measures at the request of the data subject prior to entering into the contract), (c) (processing is necessary for compliance with a legal obligation to which the controller is subject) and (f) (processing is necessary for compliance with the legitimate interests of the controller).
    • Business planning and analytics:
      1. Article 6(1)(f) (processing is necessary for the pursuit of the legitimate interests of the controller).
    • For customer safety, protection of company property:
      1. Article 6(1)(f) (processing is necessary for the pursuit of the legitimate interests of the controller).
V. Processing of personal data
  1. The Company shall process the Customer's data using modern technologies, taking into account the existing privacy risks and the organisational, financial and technical resources available to the Company.
  2. The Company may carry out automated decision-making in relation to the Customer. The Customer shall be informed separately of such activities of the Company in accordance with the laws and regulations.
  3. Automated decision-making that has legal consequences for the Client (e.g. approval or rejection of the Client's application) may only be carried out in the course of the conclusion or performance of a contract between the Company and the Client or on the basis of the Client's explicit consent.
VI. Protection of personal data
  1. The Company shall protect the Customer Data by using modern technological capabilities, taking into account the existing privacy risks and the Company's reasonably available organisational, financial and technical resources, including the following security measures:
    • Firewalls;
    • Intrusion protection and detection programmes;
    • Other protection measures in line with the state of the art.
VII. Categories of recipients of personal data
  1. The Company shall not disclose to third parties the Client's personal data or any information obtained during the provision of the services and the term of the contract, including information about the services received, except:
    • subject to the Client's express and unambiguous consent;
    • to the persons provided for in external normative acts upon their justified request, in the manner and to the extent provided for in external normative acts;
    • in the cases provided for in external laws and regulations, to protect the legitimate interests of the Company, for example, by taking legal action against a person who has infringed the legitimate interests of the Company in court or before other public authorities.
VIII. Transfer of personal data
  1. The Company shall not transfer personal data to third parties except as necessary for the reasonable exercise of its business activities, provided that such third parties maintain the confidentiality of the personal data and provide adequate protection.
  2. The Company is entitled to transfer personal data to the Company's suppliers, subcontractors, strategic partners and others who assist the Company in the conduct of the business of its customers for the purpose of the relevant cooperation. However, in such cases, the Company requires the recipients to undertake to use the information received only for the purposes for which the data was transferred and in accordance with the requirements of the applicable laws and regulations.
IX. Access to personal data by third-country subjects
  1. The company does not transfer personal data to third countries (outside the European Union and the European Economic Area).
X. Duration of storage of personal data
  1. The Company shall store and process the Customer's personal data for as long as at least one of the following criteria applies:
    • only for as long as the contract with the Client is valid or the service is provided to the Client;
    • the data are necessary for the purpose for which they were collected;
    • pending full consideration and/or execution of the Client's application;
    • until the Company or the Customer can exercise its legitimate interests (e.g. to file an objection or to bring a lawsuit) in accordance with the procedure established by external laws and regulations;
    • as long as the Company is legally obliged to keep the data;
    • as long as the Client's consent to the processing of personal data is valid, unless there is another lawful basis for the processing.
  2. After the circumstances referred to in paragraph 19 cease to apply, the Customer's personal data shall be deleted. Audit trails shall be retained for at least one year from the date on which they were made.
  3. The Company shall store and process the personal data submitted by the applicant for 6 (six) calendar months after the end of the selection process or as long as the applicant's consent to the processing of personal data is valid, unless there is another lawful basis for processing the data, after which the personal data shall be deleted.
XI. Access to personal data and other rights of the Client
  1. The Client has the right to receive the information required by the regulatory enactments in relation to the processing of his/her data.
  2. The Customer also has the right to request the Company to have access to his/her personal data, to request the Company to supplement, rectify or erase the personal data or to restrict processing in respect of the Customer, or to object to processing (including processing of personal data based on the legitimate interests of the Company), as well as the right to data portability, in accordance with the laws and regulations. These rights shall be exercisable to the extent that the processing does not result from the Company's obligations imposed by applicable laws and regulations and which are carried out in the public interest.
  3. The customer may submit a request for the exercise of his/her rights in the following way:
    • in writing at the Company's office in Marupe (address: "Bērzlapas 5", Mārupe, Mārupes novads, LV-2167) or by postal service;
    • by email, signed with a secure electronic signature and sent to the following email address: datuaizsardziba@kreiss.lv.
  4. Upon receipt of a request from a Customer to exercise its rights, the Company shall verify the identity of the Customer, assess the request and comply with it in accordance with laws and regulations.
  5. The Company's reply shall be sent to the Customer by post to the contact address provided by the Customer by registered letter or by e-mail with a secure electronic signature (if the application has been submitted with a secure electronic signature), taking into account as far as possible the method of receipt of the reply indicated by the Customer.
  6. The Company shall ensure compliance with the data processing and protection requirements in accordance with the laws and regulations and, in the event of an objection by the Customer, shall take reasonable steps to resolve the objection. However, if this fails, the Customer shall have the right to apply to the Data Inspectorate.
  7. The Customer has the right to receive, free of charge, one copy of the personal data processed by the Company.
  8. The receipt and/or use of the information referred to in paragraph 28 of this document may be restricted in order to prevent adverse effects on the rights and freedoms of others (including the Company's employees).
  9. The Company is committed to ensuring the accuracy of personal data and relies on its customers, suppliers and other third parties who transfer personal data to ensure the completeness and accuracy of the personal data transferred.
XII. Customer's consent to data processing and right to withdraw it
  1. The Customer gives consent to the processing of personal data based on consent (e.g. to receive commercial communications, to analyse personal data, to receive loyalty cards) in writing in person at the Company's offices, on the Company's website and mobile applications or at any other location where marketing activities are organised.
  2. The Customer shall have the right to withdraw the consent to data processing at any time in the same manner as given and/or in accordance with the procedure set out in Clause 24. In such case, no further processing based on the consent previously given for the specific purpose will be carried out.
  3. Withdrawal of consent shall not affect the processing of data carried out at the time when the Customer's consent was valid.
  4. Withdrawal of consent cannot interrupt the processing of data carried out on the basis of other legal grounds.
XIII. Commercial communications
  1. The Company shall communicate commercial communications about the Company's and/or third parties' services and other communications not directly related to the provision of the agreed services (e.g. customer surveys) in accordance with external laws and regulations or with the Customer's consent.
  2. The Customer shall consent to receive commercial communications from the Company and/or its business partners in writing in person at the Company's offices, on the Company's website and mobile applications or at any other location where the Company organises marketing activities.
  3. The Customer's consent to receive commercial communications is valid until revoked (including after termination of the service contract). The Customer may at any time opt-out from receiving further commercial communications in any of the following ways:
    • by sending an email to: datuaizsardziba@kreiss.lv;
    • by submitting a written application to the Company's office;
    • using the automated opt-out option provided in the commercial communication by clicking on the unsubscribe link at the end of the commercial communication (email).
  4. The Company shall stop sending commercial communications as soon as the Customer's request has been processed. The processing of the request depends on the technological possibilities, which may take up to three days.
  5. By expressing his/her opinion in the surveys and leaving his/her contact details (email, telephone), the Customer agrees that the Company may contact him/her using the contact details provided in connection with the evaluation provided by the Customer.
XIV. Photography and filming
  1. Customers (seminar and event attendees) are informed that in certain cases, when the Company's work is featured in the media or in the Company's information media (the Company's website), photographs or video recordings of visitors to the Company's events may be processed, and the lawful basis for such processing is the legitimate interest, except where the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override such interests, in particular where the data subject is a child.
  2. Before the event, the company shall inform the participants of the event about the planned processing of personal data in accordance with the requirements of Article 13 of the Regulation by displaying information about the processing of personal data in the invitations and before entering the venue.
XV. Visits to websites and processing of cookies
  1. Cookies may be used on the company's website:
    • Cookies are files that websites place on users' computers to recognise the user and make it easier for them to use the website. Internet browsers can be configured to alert the customer to the use of cookies and allow the customer to choose whether to accept them. Not accepting cookies will not prevent the customer from using the website, but it may limit the customer's use of the website.
    • The Company's websites may contain links to third party websites which have their own terms of use and personal data protection policies, for the completeness of which the Company is not responsible.
XVI. Other Provisions
  1. The Company shall have the right to make changes and additions to the Privacy Policy and to make it available to the Customer by posting it on the Company's website.
  2. The Company retains the previous versions of the Privacy Policy and they are available on the website.

Previous and current versions of the privacy policy (PDF)

Effective from 01.10.2019

© Kreiss 1994 - 2025. All rights reserved

Apply for cooperation

Regions of operation

Contact a representative

Car of interest:
Privacy Policy
Price: EUR