Aim of the privacy policy is to provide information to a natural person – data subject, about the purpose, scope, protection and term of processing of personal data at the time of obtaining and processing of such data.

Personal Data Controller

Personal data controller is the Central Finance and Contracting Agency (hereinafter – Agency), registration No. 90000812928, address: 1 Smilšu iela, Riga, LV-1919, phone: +371 66939777, e-mail: cfla@cfla.gov.lv.

Contact information on issues related to personal data processing: privacy@cfla.gov.lv or cfla@cfla.gov.lv.

General Provisions

1. The present Privacy Policy provides a general description of how the Agency carries out personal data processing and protection. More detailed information regarding personal data processing and protection is described in agreements, internal laws and regulations and in the Agency’s website under section "Protection of Data of Natural Persons". 

2. Within scope of the applicable laws and regulations the Agency ensures confidentiality of the personal data and has implemented respective technical and organisational measures for protection of personal data from unauthorised access, unlawful processing or disclosure, accidental loss, altering or destruction.

3. The Agency may use services of data processors for processing of data. In that case the Agency carries out the necessary measures to ensure that such data processors carry out data processing in accordance with the Agency’s directions and the applicable laws and regulations, and requires implementation of appropriate safety measures.

4. The Agency’s Cookie Policy is available in the Agency’s website under section "Cookie Policy". 

Categories of Personal Data

5. Personal data are collected both from the data subjects and external sources, as well as from data bases and registers available to the Agency. Categories of personal data mainly, but not only gathered and processed by the Agency include:  

5.1.   identification data – name, surname, personal code, date of birth;
5.2.   contact information – address, phone number, e-mail address;
5.3.   professional data – education, position, place of work;
5.4.   personal data of special category;
5.5.  data obtained and/or created, when carrying out obligations stipulated by the laws and regulations;
5.6.   data on satisfaction – satisfaction of the data subject;
5.7.  data obtained from video surveillance.

Aim and Legal Basis of the Personal Data Processing

6.The Agency carries out personal data processing:

6.1. in order to verify payment requests, as well as to control correct use of the granted European Union funding and achievement of supervision indicators;
6.2. in order to assess and confirm project applications;
6.3. in order to verify and detect the possible situation of conflict of interests;
6.4. in order to establish and maintain contractual liabilities;
6.5. in order to ensure document circulation in the Agency;
6.6. in order to survey the Agency’s clients, as well as to inform the clients about news and carry out satisfaction polls, etc.;
6.7. in order to prevent or disclose offences related to property protection and protection of business-critical interests;
6.8. for information of society;
6.9. for maintenance and improvement of the Agency’s webpage;
6.10. for protection of interests of the Agency’s clients and/or Agency itself.

7. Legal basis of personal data processing:

7.1. conclusion and execution of agreements – in order to conclude an agreement upon application of a data subject and to ensure execution of it;
7.2. execution of laws and regulations – in order to execute obligations of the Agency stipulated in the laws and regulations;
7.3. upon consent of the data subject;
7.4. within legitimate interests – in order to implement legitimate interests of the Agency arising from liabilities or agreements concluded between the Agency and the data subject.

8. Legitimate interests of the Agency:

8.1. to verify personal identity of the client before conclusion of agreement;
8.2. to ensure execution of contractual liabilities;
8.3. to save applications and submissions of clients and notes thereto, including those submitted verbally, by phone and in the webpage;
8.4. to carry out client survey about operation of the Agency;
8.5. to ensure and improve service quality;
8.6. to address law enforcement bodies for protection of its legitimate interests;
8.7. to control access to the Agency’s premises, ensuring safety of the Agency’s infrastructure, employees and visitors, as well as to prevent, solve and investigate theft of items belonging to the Agency, its employees and visitors, to prevent and solve threats to safety of the Agency’s employees and visitors.

Personal Data Protection

9. The Agency carries out protection of personal data by modern technologies, considering the existing risks to privacy and reasonably available organisational, financial and technical resources of the Agency, including the following safety measures and solutions:

9.1. data encryption (SSL encryption);
9.2. firewall;
9.3. intrusion protection and detection programs;
9.4. other measures of protection pursuant to the current technical development possibilities.

Personal Data Receivers

10. Personal data can be transferred to receivers, e.g.:

10.1. law enforcement bodies;
10.2. auditors, lawyers, legal counsellors or other processors of the Agency’s personal data; 
10.3. Ministry of Finance as the managing institution of the European Union funds, as well as other institutions involved in supervision of the EU funds for execution of their statutory obligations pursuant to  Articles 9, 10, 11, 13 and 14 of the Law On Management of European Union Structural Funds and the Cohesion Fund for the 2014-2020 Programming Period.

Geographic Territory of Personal Data Processing  

11. Personal data are processed in the European Union/ European Economic Area (EU/EEA).

12. Personal data are processed in 1 Smilšu iela, 10 Meistaru iela, Riga (the Old Riga), LV-1919 and in four regional departments:

12.1. Latgale Regional Department: 35 18.novembra iela, 2nd floor, Rēzekne, LV-4601;
12.2. Kurzeme Regional Department: 48 Liepājas iela, Room 303, Kuldīga, LV-3301;
12.3. Vidzeme Regional Department: 8 Jāņa Poruka iela, Room 219, Cēsis, LV-4101;
12.4. Zemgale Regional Department: 43 Pasta iela, 3rd floor, Jelgava, LV-3001.

Period of Storage

13. Personal data are processed for the period necessary for processing of such data. Storage period is based on the agreement with the client, legitimate interests of the Agency, applicable laws and regulations or while the consent of the respective client to processing of personal data is valid and there is no other legal basis for processing of personal data. 

14. When the conditions provided in Clause 13 herein expire, the personal data are erased.

Rights of the Data Subject

15. To receive information about processing of their personal data by the Agency within scope stipulated in the laws and regulations.

16. In accordance with the laws and regulations to request the Agency to grant access to their personal data, to supplement, correct, erase or restrict processing of such data, to object against processing of their personal data carried out by the Agency on basis of the Agency’s legitimate interests, as well as to transfer their personal data and withdraw their consent to processing of personal data.

17. To submit complaint regarding processing of the personal data to the Data State Inspectorate (www.dvi.gov.lv), if the client thinks that processing of personal data breaches his/her rights and interests stipulated in the laws and regulations.

The Agency is entitled to amend or supplement the present privacy Policy by publishing the current version in the Agency’s webpage under section "Privacy Policy".