The policy is applied if customers who are natural persons, as well as if the representatives, employees or related third parties of customers who are legal entities use, have used or have expressed a wish to receive ISIC services. The policy also applies to cooperation partners and cooperation relationships with customers established before the entry into force of these principles, in order to improve the existing cooperation and the provision of privacy within it.
1. General provisions
1.1 This Policy describes how ISIC processes personal data. More detailed information on the processing of personal data can also be described in the contracts and other documents related to the services, as well as in the ISIC internal regulations.
1.2. In accordance with applicable laws and regulations, ISIC is responsible for and ensures the confidentiality of personal data, the necessary technical and organizational information security measures, such as system security checks, as the controller and / or processor of personal data, depending on the specifics and purposes of personal data processing.
1.3. ISIC staff involved in the processing of personal data are adequately trained and have received instructions on the confidentiality of personal data processed in the course of their duties.
1.4. In cases where it is necessary for the provision of services, ISIC may use self-approved processors of personal data. In such cases, the necessary measures shall be taken to ensure that the processors of personal data carry out the processing of personal data and security measures in accordance with the instructions of ISIC and in accordance with the applicable laws and regulations.
1.6. In accordance with applicable laws and regulations, ISIC reserves the right to unilaterally amend this Policy at any time by notifying customers of such amendments on the ISIC website.
2. Types and categories of personal data processed
Personal data is primarily obtained from the customer, as well as in certain cases from third parties representing customers, such as the customer's data controller, in the case where ISIC performs the functions of a data processor.
The categories of personal data that ISIC may process are:
- Identification data: name, surname, national identification number, date of birth, photograph
- Client's academic status: student, pupil or teacher status; the educational institution where the customer studies or is employed; type of students' studies, study program, course and matriculation number; pupil's grade
- Member status in associations and trade unions: verification of the status of pedagogical staff in the database of the Latvian Trade Union of Educators and Researchers (LIZDA) or the status of a trade union member of the University of Latvia
- Identity document information when reasonably required for personal identification and / or academic status verification document data
- Contact information that the customer chooses to provide: postal address, telephone number, e-mail address
- Data obtained and / or generated in the performance of statutory duties, such as data resulting from requests received from investigative bodies
- Contact data obtained and / or created when the customer visits the ISIC website, receives and / or opens the newsletter, communicates with ISIC via e-mail or other electronic means of communication
- Service-related data, such as contractual liability, submitted applications, requests and complaints
3. Purposes and basis of personal data processing
ISIC processes personal data:
3.1 for the provision of services;
To provide quality services to our customers, enter into and execute contractual liability.
3.2. To protect the interests of the client and / or ISIC:
To protect the interests of the client and / or ISIC and to monitor the quality of the services provided. To provide evidence of transactions based on the contractual liabilities.
3.3. For providing and offering additional services, customer surveys, market analysis and statistics;
To offer customers ISIC services, improve customer satisfaction and service quality.
3.4. For the performance of legal duties;
To comply with applicable laws and regulations or to comply with a legal obligation and ensure risk management and corporate governance.
4. Recipients of personal data
Personal data is transferred to other recipients only within the framework of the execution of ISIC contractual obligations or at the request of law enforcement authorities, for example:
4.2. The International ISIC Association (The ISIC Association) based in Copenhagen, Denmark;
4.3. Institutions such as law enforcement agencies;
4.4. Auditors, legal advisers, financial advisers or other ISIC-approved processors of personal data;
4.5. Other persons who are related to the provision of ISIC services and ensuring day-to-day operations of the company, incl. mail service providers, virtual data server maintenance service, website system developers, e-mail system maintenance service.
4.6. Administration and maintenance services of databases of academic status: the Latvian Trade Union of Educators and Researchers (LIZDA), the Ministry of Education and Science (VIIS), Riga Technical University, the University of Latvia, Riga Stradiņš University.
5. Geographical area of processing
Personal data is processed in the European Union / European Economic Area (EU / EEA).
6. Personal data storage period
6.1. Personal data will be processed for as long as it is necessary to achieve the stated purpose of the processing, but not longer than 19 months after the fulfillment of the contractual obligations.
6.2. Data retention periods may be based on a contract with the customer, the legitimate interests of ISIC or applicable laws and regulations (e.g. accounting laws, civil law, etc.).
7. Rights of the data subject
Data subjects - customers, their representatives, employees and natural persons related to the receipt of the service have the following rights regarding the processing of their personal data:
7.1 Request the correction of the customer’s personal data if it is inadequate, incomplete or incorrect;
7.2 Oppose the processing of the customer’s personal data if the use of personal data is justified by a legitimate interest, including profiling for direct marketing purposes, such as receiving marketing offers or participating in surveys;
7.3 Request the deletion of the customer’s personal data, for example, if personal data is processed on the basis of consent and the customer has withdrawn his / her consent. This right shall not apply if the personal data, of which the deletion is requested, is also processed on the basis of another legal basis, such as a contract or obligations arising from the relevant laws and regulations;
7.4 Restrict the processing of the customer’s personal data in accordance with applicable laws and regulations, for example, when ISIC is assessing whether the customer has the right to have their data deleted;
7.5 Receive information on whether ISIC processes the customer’s data;
7.6 Receive the customer’s personal data provided by himself / herself, processed on the basis of consent and execution of the contract, in writing or in one of the most commonly used electronic formats and, if possible, transfer such data to another service provider (data portability);
7.7 Withdraw its consent to the processing of personal data;
7.8 Not to be subject to fully automated decision-making, including profiling, if such decision-making has legal consequences or consequences that in a similar way significantly affects the customer. This right shall not apply if the decision is necessary for the conclusion or execution of the contract with the customer, and if the decision is permitted under the applicable laws and regulations or if the customer has given his explicit consent;
7.9 To submit a complaint regarding the use of personal data to the State Data Inspectorate (www.dvi.gov.lv), if the customer considers that the processing of the personal data violates his / her rights and interests in accordance with the applicable regulatory enactments.
8. Contact information
In relation to issues of withdrawal of consent, requests, data subjects' rights and complaints about the use of personal data, customers can contact ISIC by writing to e-mail firstname.lastname@example.org or by calling +371 6722 3000.
Postal items should be addressed to SIA “ISIC.lv”, 24/26 Kr. Barona Street, office 10, Riga, LV-1050, Latvia.