In force since 25.05.2018.
The policy is applied if customers who are natural persons, as well as if the representatives, employees or related third parties of customers who are legal entities use, have used or have expressed a wish to receive ISIC services. The policy also applies to cooperation partners and cooperation relationships with customers established before the entry into force of these principles, in order to improve the existing cooperation and the provision of privacy within it.
1. General provisions
1.1 This Policy describes how ISIC processes personal data. More detailed information on the processing of personal data can also be described in the contracts and other documents related to the services, as well as in the ISIC internal regulations.
1.2. In accordance with applicable laws and regulations, ISIC is responsible for and ensures the confidentiality of personal data, the necessary technical and organizational information security measures, such as system security checks, as the controller and / or processor of personal data, depending on the specifics and purposes of personal data processing.
1.3. ISIC staff involved in the processing of personal data are adequately trained and have received instructions on the confidentiality of personal data available in the course of their duties.
1.4. In cases where it is necessary for the provision of services, ISIC may use approved processors of personal data. In such cases, the necessary measures shall be taken to ensure that the processors of personal data carry out the processing of personal data and security measures in accordance with the instructions of ISIC and in accordance with the applicable laws and regulations.
1.5. This Policy is available to customers on ISIC website: https://isic.lv/lv/privatums-sikdatnes/, as well as in the ISIC office, Kr. Barona Street 24/26, Riga.
1.6. In accordance with applicable laws and regulations, ISIC reserves the right to unilaterally amend this Policy at any time by notifying customers of such amendments on the ISIC website.
2. Types and categories of personal data processed
Personal data is primarily obtained from the customer, as well as in certain cases from third parties representing customers, such as the customer's data controller, in the case where ISIC performs the functions of a data operator.
The categories of personal data that ISICs may process are:
- Identification data: name, surname, personal identification number, date of birth, photograph
- Client's academic status: student, pupil or teacher status; the educational institution where the client studies or works; type of students' studies, study program, course and matriculation number; pupil's class
- Member status in associations and trade unions: checking the status of teaching staff in the database of the Latvian Trade Union of Educators and Researchers (LIZDA); Checking the status of a trade union member of the University of Latvia by presenting a membership card
- Identity document information when reasonably required for personal identification and / or academic background check data
- Contact information that the customer chooses to provide: postal address, telephone number, e-mail address
- Data obtained and / or generated in the performance of statutory duties, such as data resulting from requests for information received from investigative bodies
- Contact data obtained and / or created when the customer visits the ISIC website, opens the ISIC newsletter, communicates with ISIC via e-mail or other electronic means of communication
- Service-related data, such as contract performance, submitted applications , requests and complaints
3. Purposes and basis of personal data processing
ISIC processes personal data:
3.1 for the provision of Service;
To provide quality services to our customers, enter into and execute contracts.
3.2. To protect the interests of the Client and / or ISIC:
To protect the interests of the client and / or ISIC and to monitor the quality of the services provided. To provide evidence of transactions based on the performance of contracts.
3.3. For providing and offering additional services, customer surveys, market analysis and statistics;
To offer customers ISIC services, improve customer satisfaction and service quality.
3.4. For the performance of legal duties;
To comply with applicable laws and regulations or to comply with a legal obligation, or subject to
ISIC's legitimate interests would ensure risk management and corporate governance.
4. Recipients of personal data
Personal data is transferred to other recipients only within the framework of the fulfillment of ISIC contractual obligations or at the request of law enforcement authorities, for example:
4.2. The International ISIC Association (The ISIC Association) and its ISIC Office (IGO) in Amsterdam, the Netherlands;
4.3. institutions such as law enforcement agencies;
4.4. auditors, legal advisers, financial advisers or other ISIC-approved processors of personal data;
4.5. other persons who are related to the provision of ISIC services and ensuring the day-to-day operation of the company, incl. mail service providers, virtual data server maintainers, website system developers, e-mail system maintainers.
4.6. maintainers of databases of academic status: the Latvian Trade Union of Educators and Researchers (LIZDA), the Ministry of Education and Science, Riga Technical University, the University of Latvia, Riga Stradiņš University.
5. Geographical area of processing
Personal data is processed in the European Union / European Economic Area (EU / EEA).
6. Personal data storage period
6.1. Personal data will be processed for as long as it is necessary to achieve the stated purpose of the processing, but not longer than 19 months after the fulfillment of the contractual obligations.
6.2. Retention periods may be based on a contract with the client, the legitimate interests of the ISIC or applicable laws and regulations (eg laws on accounting, civil law, etc.).
7. Rights of the data subject
Data subjects - customers, their representatives, employees and natural persons related to the receipt of the service have the following rights regarding the processing of their personal data:
7.1 request the correction of your personal data if they are inappropriate, incomplete or incorrect;
7.2 oppose the processing of your personal data if the use of personal data is justified by a legitimate interest, including profiling for direct marketing purposes, such as receiving marketing offers or participating in surveys;
7.3 request the deletion of your personal data, for example if personal data is processed on the basis of consent, if the customer has withdrawn his consent. This right shall not apply if the personal data the deletion of which is requested are also processed on the basis of another legal basis, such as a contract or obligations arising from the relevant laws and regulations;
7.4 restrict the processing of your personal data in accordance with applicable laws and regulations, for example, when ISIC is assessing whether the customer has the right to have their data deleted;
7.5 receive information on whether ISIC processes customer data;
7.6 receive its personal data provided by it and processed on the basis of consent and performance of the contract, in writing or in one of the most commonly used electronic formats and, if possible, transfer such data to another service provider (data portability);
7.7 withdraw its consent to the processing of personal data;
7.8 not to be subject to fully automated decision-making, including profiling, if such decision-making has legal consequences or which in a similar way significantly affects the Customer. This right shall not apply if the decision is necessary for the conclusion or performance of the contract with the client, if the decision is permitted under the applicable laws and regulations or if the client has given his explicit consent;
7.9 to submit a complaint regarding the use of personal data to the State Data Inspectorate (www.dvi.gov.lv), if the customer considers that the processing of personal data violates its rights and interests in accordance with the applicable regulatory enactments.
8. Contact information
In relation to issues of withdrawal of consent, requests, data subjects' rights and complaints about the use of personal data, customers can contact ISIC by writing to e-mail email@example.com or by calling +371 6722 3000.
Postal items should be addressed to SIA “ISIC.lv”, Kr. Barona Street 24 / 26-10, Riga, LV-1050, Latvia.