Data Processing Privacy Policy

The aim of the Privacy Policy is to provide a natural person, the data subject, with information about the purpose, the scope, the protection and the duration of processing of personal data during the collection and processing of the data subject's personal data.

Controller of personal data

The controller of personal data is "Colemont FKB Latvia" SIA (hereafter – Controller), Reg. No: 40003484130, Āraišu iela 34, Rīga, LV-1039, e-mail:

Controller's contact info for questions regarding data processing: or

General conditions

  1. This Privacy Policy generally describes how the Controller processes and protects personal data. Detailed information about personal data processing and protection is described in contracts, internal normative acts.

  2. The Controller ensures the confidentiality of personal data within the framework of applicable normative acts, and has taken appropriate technical and organisational measures to protect personal data from unauthorised access, illegal processing or disclosure, accidental loss, editing or destruction.

  3. The Controller may employ data processors for the processing of personal data. In such cases the Controller takes the necessary measures to ensure that these personal data processors perform personal data processing in accordance with the Controller’s instructions and in compliance with applicable normative acts, and requests the implementation of appropriate security measures.

  4. The Controller's Cookie Policy is available on the Controller's website.

  5. Categories of personal data

Personal data is collected from both the data subject and external sources, e.g. databases and registers at the disposal of the Controller. The categories of personal data, which the Controller mainly collects and processes, include, but are not limited to:

5.1. identification data – name, surname, personal identification number, date of birth;
5.2. contact info – address, phone number, e-mail address;
5.3. professional data – education, profession, place of employment;
5.4. special category personal data;
5.5. data that have been collected and/or created by performing the obligations stipulated by normative acts;
5.6. data on satisfaction – data subject's satisfaction;
5.7. data obtained by video surveillance.


6. Purpose and legal basis of personal data processing

The Controller processes personal data:
6.1. to check and detect potential conflicts of interest;
6.2. to establish and maintain the contractual relationship;
6.3. to ensure the circulation of documents within "Colemont FKB Latvia" SIA;
6.4. to study the Controller's clients, as well as to inform clients about news, to perform client satisfaction surveys, etc.;
6.5. to prevent or detect criminal offences relating to the protection of property and the protection of persons' vital interests;
6.6. for the purposes of informing society;
6.7. to maintain the Controller's website and improve its functionality;
6.8. for the protection of the Controller's clients' and/or Controller's interests;

6.9. the fulfilment of the legal obligations of "Colemont FKB Latvia" SIA.


7. Legal basis of personal data processing

7.1. to conclude and fulfil the contract – to conclude a contract on the basis of the data subject's application and ensure its fulfilment;
7.2. to fulfil normative acts – to fulfil an obligation that is defined within the Controller's binding normative acts;
7.3. in accordance with the data subject's consent;
7.4. within legal (legitimate) interests – to carry out the Controller's legitimate interests arising from the commitment or the contract concluded between the Controller and data subject, or the law.


8. Controller's legitimate interests are:

8.1. to check the client's identity prior to the conclusion of a contract;
8.2. to ensure the fulfilment of contractual obligations;
8.3. to keep the client's applications and submissions, notes about them, including those made orally, over the phone and on the website;
8.4. to survey clients about the Controller's performance;
8.5. to ensure and to improve the quality of services;
8.6. to turn to the law enforcement authority to protect their own legal interests;
8.7. to control access to the Controller's premises, ensuring the safety of the Controller's infrastructure, employees and visitors, as well as to prevent, to detect and to investigate the theft of the Controller's, its employees' and visitors' property, prevent or detect physical threats to the safety of the Controller's employees and visitors.


9. Protection of personal data

The Controller protects personal data by using state-of-the-art technology solutions, bearing in mind the existing privacy risks and the Controller's reasonably available organisational, financial and technical resources including the following security measures, and by using the following security solutions:

9.1. data encryption during data transfer (SSL encryption);
9.2. firewall;
9.3. intrusion protection and detection applications;
9.4. other security measures in compliance with the current technical development possibilities.


10. Data recipients

Personal data may be transferred to recipients, e.g.:

10.1. law enforcement authorities;
10.2. auditors, legal advisers or other personal data processors of the Controller;
10.3. Financial and Capital Market Commission as the organisation overseeing the insurance field.


11. Geographical territory of personal data processing
The processing of personal data is performed in the European Union/European Economic Area (EU/EEA).

The processing of personal data is performed at Āraišu iela 34, Rīga, LV-1039.


13. Storage period
13.1. Personal data is processed for the duration required for the purpose of the processing. The storage period is based on the contract with the client, the Controller's legitimate interests, applicable normative acts or while the consent given by the Controller's client for the respective personal data processing is valid, if there is no other legal basis for the processing of personal data.

13.2. After the conditions in Article 13 of this Privacy Policy expire the personal data are deleted.


14. Data subject's rights
14.1. To receive the information defined by normative acts regarding the processing of their personal data by "Colemont FKB Latvia" SIA.

14.2. In accordance with normative acts, to request the Controller to provide access to their personal data, to update, rectify, delete or restrict the processing of their personal data, the right to object to the processing of their personal data, including data processing that the Controller performs based on the Controller's legal (legitimate) interests, as well as the right to the portability of their personal data and to withdraw the consent for the processing of their personal data.

14.3. To submit a complaint with the Data State Inspectorate ( if they consider that the processing of personal data infringes upon their rights and interests in accordance with normative acts.

14.4. The Controller has the rights to amend or supplement this Privacy Policy, by publishing the topical version of the Privacy Policy on the Controller's website.


< back