PRIVACY POLICY

SIA "The One" (Ltd.), registration No. 40203418528, legal address: Rasenes iela 5 - 2,

Upesciems, Garkalnes pag., Ropažu nov., LV-2137 ("us", "we", "our" or the “Company”) as the Data

Controller operates the www.octella.com website providing Customer contact Centre communication

system (the "Service").

This Privacy Policy informs you (the “User” or the “Customer”) of our policies regarding the

processing (collection, storage, use, disclosure, erasure etc.) of Personal Data when you visit our

website and / or use, has used or expressed a wish to use any of our Service or if you are in any way

connected with this Service, and the choices you have associated with that data. We use your Personal

Data to provide and to improve the Service, perform a contract and to fulfil legal obligations to which we

are the subject.

By using the Service, your Personal Data is processed in accordance with this Privacy Policy.

If the User does not agree with the Privacy Policy or certain provisions thereof, the User does not

have to provide Personal Data to the Company. In cases when the User does not provide the Company

with Personal Data necessary for the performance of the contract or Services, as well as for the

performance of legal obligations of the Company specified in regulatory enactments, the Company has

a legal basis to refuse to provide the User Services in whole or in part.

If the Personal Data provided by the User has changed or the information processed by the

Company about the User is inaccurate or incorrect, the User has the right to request to change, clarify

or correct this information. The Company shall not be liable for inaccurate or incomplete data submitted

by the User.

1. DEFINITIONS

1.1. Data Controller

Data Controller means a person who (either alone or jointly or in common with other persons)

determines the purposes for which and the manner in which any Personal Data are, or are to be,

processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Definition shall have the same meaning as in Article 4 (7) of GDPR.

1.2. Data Processor (or Service Providers or Sub-contractors)

Data Processor (or Service Provider or Sub-contractor) means any person (other than an

employee of the Data Controller) who processes the Personal Data on behalf of the Data Controller. We

may use the services of various Service Providers in order to process your Personal Data more

effectively. Definition shall have the same meaning as in Article 4 (8) of GDPR.

1.3. Data Subject

Data Subject is any living individual (natural person) who is the subject of Personal Data.

1.4. Cookies

Cookies are small pieces of data stored on a User’s device.

1.5. GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the

protection of natural persons with regard to the processing of personal data and on the free movement

of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1.6. Personal Data

Personal Data means data about a living individual (natural person) who can be identified or

identifiable from those data (or from those and other information either in our possession or likely to

come into our possession). Definition shall have the same meaning as in Article 4 (1) of GDPR.

1.7. Third party

Third party means a natural or legal person, public authority, agency or body other than the data

subject, controller, processor and persons who, under the direct authority of the controller or processor,

are authorised to process Personal Data. Definition shall have the same meaning as in Article 4 (10) of

GDPR.

1.8. Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the

Service infrastructure itself (information that your browser sends whenever you visit our webpage or

when you access the Service by or through a mobile device, for example, your computer's Internet

Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you

visit, the time and date of your visit, the duration of a page visit, unique device identifiers and other

diagnostic data, the type of mobile device you use, your mobile device unique ID, the IP address of your

mobile device, your mobile operating system, the type of mobile Internet browser you use, unique

device identifiers and other diagnostic data).

1.9. User

The User is the individual using our Service. The User corresponds to the Data Subject, who is

the subject of Personal Data.

2. CATEGORIES AND TYPES OF PERSONAL DATA PROCESSED, LEGAL BASIS FOR

PROCESSING AND PURPOSES OF PROCESSING

The Company processes the User's personal data in accordance with the following legal

basis and purposes for processing personal data:

CATEGORIES AND TYPES OF

PERSONAL DATA

PROCESSED

L E G A L B A S I S F O R

PROCESSING

PURPOSES OF PROCESSING

Identification data (name;

personal identification number (if

any); date, month and year of

birth); passport or identity card

details (document number; date

of issue; issuing authority;

issuing country); contact details

(address);

Details of the Customer's

beneficial owner. If the beneficial

owner is a resident of Latvia:

name; personal identification

number; date, month and year

of birth; nationality; country of

permanent residence.

If the beneficial owner is a non-

resident of Latvia: name; date,

mon t h a n d year o f b i rth;

passport or identity card number

and date of issue; country and

issuing authority; nationality;

country of permanent residence.

The processing is necessary for

the performance of a task

carried out in the public interest

or in the exercise of official

authority vested by law in the

controller pursuant to Article 6(1)

(e) of the GDPR.

To comply with the requirements

of Article 2(2) of the International

and National Sanctions Law of

the Republic of Latvia and to

ensure risk management and

corporate governance of the

Company.

Identification and research data:

name, surname, personal

identification number, date,

month and year of birth; identity

document data (passport data,

I D c a r d d a t a a n d c o p i e s

thereof); marital status;

contact details: telephone

number, e-mail address, home

address; language of

communication;

financial data (name of bank,

account holder, current account

number).

The processing is necessary for

the performance of pre-

contractual measures at the

request of the Customer (data

subject) and for the performance

of the contract.

To identify the Customer;

To perform the contract and to

ensure that the personal data is

up-to-date and correct by

checking and updating the data;

To communicate with the

Customer and generally

m a n a g e t h e C u s t o m e r

relationship and to provide and

administer the contract:.

Identifying data (name,

surname, personal identification

number, date, month and year of

birth, identification document);

contact details (telephone

number, e-mail address, home

address).

Performance of the contract.

Invoicing.

Commitment data (the

C u s t o m e r ' s c u r r e n t

commitments, duly performed

( h i s t o r i c a l ) c o m m i t m e n t s

(payment discipline), as well as

i m p r o p e r l y p e r f o r m e d

commitments (debts), including,

but not limited to, the basis,

a m o u n t , a n c i l l a r y c l a i m s ,

maturity, date of occurrence of

the commitment).

Performance of the contract.

To provide other existing or

pot e n t i a l c r e d i t o rs o f t h e

Customer with access to the

Customer’s credit information

(credit history) in the interest of

protecting their rights.

Identification data (name,

surname, date, month and year

of birth);

Contact details (telephone

number, email address, home

address).

Consent.

For administering personalised

offers and other benefits;

Direct marketing.

Contract documentation and

documentation related to the

service (including the

C u s t o m e r ' s f i l e ( e . g .

applications, requests,

complaints submitted by the

Customer; notices, warnings,

etc. sent to the Customer).

To comply with a legal obligation

to which the controller is subject

(document storage, archiving,

bookkeeping requirements;

requirements arising from the

Consumer Rights Protection

Law and other requirements set

out in regulatory enactments

that apply to the economic

activity of the controller).

Bookkeeping, record-keeping,

archiving, etc.

Identifying data (e.g. name,

surname, personal identification

number, declared address of

residence).

The legitimate interests of the

controller (establishment of a

right of recourse).

Establishing, defending,

assigning and providing

evidence against claims of non-

conformity of service, as well as

providing evidence against a

possible claim arising in delict.

Communication and device

data: data contained in

communications, emails, visual

images, video and/or audio

recordings, and other forms of

communication and interaction

data;

Data collected when the

Customer visits the website,

mobile application or other

channels of communication;

data on habits, preferences and

satisfaction, such as usage

activity, services used, personal

preferences, survey responses,

customer satisfaction:

1) technical information (e.g.

device type, Internet Protocol

(IP ) addr ess an d I ntern et

Service Provider (ISP) used to

connect the device to the

Internet; registration information;

browser type and version; time

zone settings, browser plug-in

types and versions, operating

system and platform, screen

resolution, location, font

encoding;

2) visit information, including full

URLs, clickstreams to, through

and from the website (including

date and time); services viewed

or searched for; reference/exit

pages, files viewed on the

website (e.g. HTML pages,

graphics, etc.); and (e.g. HTML

pages, HTML files, web pages

(e.g. HTML pages, HTML files,

web pages with HTML content,

etc.), page response times,

download errors, duration of visit

to certain pages, page

interaction information (such as

scrolling, clicks and mouse-

overs) and methods used to

navigate away from the page,

d a t e / t i m e s t a m p a n d / o r

clickstream data;

the telephone number used to

contact a representative of the

Company.

Contract performance and

service provision;

To protect the vital interests of

the Customer (personal data);

To meet the legitimate interests

of the Controller (performance of

management functions;

monitoring, improving and

developing the quality of service

provision and/or Customer

service; testing the website,

mobile application, digital

environment; information

security and improvement of

te c hn i cal s yst e ms a nd I T

infrastructure to prevent, limit

and investigate misuse or

unlawful use or disruption of

services, including fraudulent

activities; establishment of rights

of recourse);

C u s t o m e r c on s e n t t o t h e

processing of personal data

(including the use of cookies

when visiting the website);

Customer consent to automated

processing of personal data,

including profiling;

C u s t o m e r c on s e n t t o t h e

processing of personal data

(including direct marketing).

F o r g e n e r a l C u s t o m e r

Relationship Management and

access to and administration of

services: to provide services

and to ensure the timeliness and

accuracy of personal data by

checking and updating data;

Maintaining Customer’s file

documentation;

I n f o r m a t i o n s e c u r i t y a n d

t e c h n i c a l s y s t e m a n d I T

infrastructure development;

Prevention or detection of

criminal offences in connection

with the protection of property

owned or used by the Controller

(including website security);

The performance of

management functions

(business strategy, sound risk

management and corporate

governance);

Monitoring, improving and

enhancing the quality of service

provision and/or Customer

service; measuring productivity;

Prevention of fraudulent use and

proper performance of services,

to sanction and control access

to and operation of digital

channels, to prevent

u n a u t h o r i s e d a c c e s s a n d

fraudulent use, and to ensure

information security;

To improve technical systems,

IT infrastructure, to adapt the

display of the service on devices

and to develop services, for

e x a m p l e : b y t e s t i n g a n d

improving technical systems and

IT infrastructure;

Preparation of personalized and

tailored information, provision of

a more user-friendly service:

!F o r a d m i n i s t e r i n g

personalised offers and

other benefits;

!Direct marketing.

3. THE SOURCES OF PERSONAL DATA.

Personal Data may be obtained directly from the User (the User provides information by

completing submissions, through social media, by mail, by email, by telephone, or through any other

media or services), from the use of the Services (the email communications and documents including

interactions and communications with the Company), and from external sources, including public and

private registries, databases and publicly accessible trusted websites (through KYC ("know your

customer") procedures), and from third parties (credit and financial institutions, the National Revenue

Service and bailiffs) as mutually agreed or as required by law or regulation.

4. RETENTION OF DATA

The Company will retain your Personal Data only for as long as is necessary for the purposes set

out in this Privacy Policy.

We will retain and use your Personal Data to the extent necessary to comply with our legal

obligations (for example, if we are required to retain your data to comply with applicable laws), resolve

disputes, and enforce our legal agreements and policies. The Company will also retain Usage Data for

internal analysis purposes.

Where the same personal data are processed for more than one purpose, they shall be kept for

the longer applicable retention period.

The storage period of the processed personal data may be based on the Customer's (data

subject's) consent (until revocation, if there is no other basis for processing the personal data), the

Contract (to provide evidence against claims of non-compliance with the service and/or performance of

the obligations under the Contract, as well as to provide evidence against a potential claim, arising from

a tort, the retention period is ten years from the date of performance of the service or the Contract), the

legitimate interests of the Controller or a legal obligation to which the Controller is a subject arising from

applicable laws and regulations (e.g. laws and regulations on accounting (basic accounting documents

to be kept for 10 years); laws and regulations on archiving of documents, etc. etc.).

If none of the legal grounds for processing personal data no longer exist and the normative acts

do not provide for a longer period of storage of personal data, the Controller shall delete the personal

data.

5. TERRITORY OF PROCESSING OF PERSONAL DATA AND TRANSFER OF PERSONAL

DATA

Personal data is processed in the European Union / European Economic Area (EU / EEA).

However, if the Personal Data is transferred outside the EU / EEA, the Company undertakes to

take all necessary security measures to ensure the same level of security of Personal Data as in the EU

/ EEA, and appropriate guarantees in accordance with the provisions of Article 46 of the GDPR. The

Company shall transfer Personal Data to a third country or to an international organisation only if there

is a legitimate basis for it and appropriate safeguards have been put in place:

(a) the European Commission has decided in accordance with Article 45 of the GDPR that the

third country or organisation concerned ensures an adequate level of protection; or

(b) the controller or processor has provided adequate guarantees in accordance with Articles 46

or 47 of the GDPR: (i) binding corporate rules; (ii) standard contractual clauses adopted and approved

by the European Commission or the national supervisory authority; (iii) other ad hoc contractual

clauses, if approved by the competent national supervisory authority; (iv) an approved code of conduct

together with a binding and legally enforceable commitment by the third-country data controller or

processor to apply the relevant safeguards; (v) an approved certification mechanism together with a

binding and legally enforceable commitment by the third-country data controller or processor to apply

the relevant safeguards; or

consented to the proposed transfer, after having been informed of the possible risks of such transfers

for the data subject due to the absence of an adequacy decision and appropriate safeguards; (ii) where

the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the

data subject between the controller and another natural or legal person; (iii) the transfer is necessary for

the establishment, exercise or defence of legal claims; (iv) where the transfer is necessary for important

reasons of public interest; (v) where it is necessary for the protection of the vital interests of the data

subject or of another natural person, where the data subject is physically or legally incapable of giving

consent.

Upon a written request, the User can receive more detailed information on the transfer of

Personal Data to countries outside the EU / EEA.

In the event of any onward transfer, the Company will comply with all other safeguards, in

particular the purpose limitation. The Company will take all steps reasonably necessary to ensure that

your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of

your Personal Data will take place to an organization or a country unless there are adequate controls in

place including the security of your Personal Data and other personal information.

6. DISCLOSURE OF DATA

When the Company receives and transfers your Personal Data to Data Processors who process

Personal Data on behalf of the Company, the Company shall take all necessary measures to ensure

that the Personal Data is processed by the Data Processors in accordance with the agreement or

regulatory enactments and documented Company instructions.

When the Company receives and transfers your Personal Data to the Third parties (independent

Data Controllers), the Third parties, as independent Data Controllers, process the Personal Data in

accordance with their privacy policies, which are available on the website of the respective service

provider.

6.1. Legal Requirements

Under certain circumstances, the Company may be required to disclose your Personal Data if

required to do so by law or in response to valid requests by public authorities (e.g. Consumer Rights

Protection Centre, State Revenue Service, courts, government agency, out-of-court dispute resolution

institutions, insolvency process administrators, sworn bailiffs, etc).

The Company may disclose your Personal Data:

•To comply with a legal obligation

•To protect and defend the rights or property of the Company

•To prevent or investigate possible wrongdoing in connection with the Service

•To protect the personal safety of Users of the Service or the public

•To protect against legal liability.

6.2. Service Providers (Sub-contractors)

The Company may employ third party companies and individuals to facilitate our Service

("Service Providers"), to provide the Service on the Company’s behalf, to perform Service-related

services or to assist us in analyzing how our Service is used.

The Company may disclose your Personal Data to the Service Providers including, but not limited

to:

- companies in the same group as the Company and the authorities of the country of residence of

their shareholders/members, if so requested by such authorities;

!"#$%&'(&")*'"#%'+,-$"&$%+,.$&"/'"'%"'/*$%),&$".''#$%0/$"),/*"/*$"1'2#0(3",("'%-$%"/'"#%'+,-$"

&$%+,.$&"'%"#$%4'%2"/*$,%"'56,708'(&"9(-$%"/*$"07%$$2$(/")*$%$"-,&.6'&9%$"'4"#$%&'(06"-0/0",&"

($.$&&0%3"4'%"/*$"#%'+,&,'("'4"/*0/"&$%+,.$"'%".''#$%08'(":$;7;<".%$-,/",(4'%208'("59%$09&"

=%$->8(4'%2?.,@0&"A,%'@&"BC1<"%$7,&/%08'("D'"EFGFHIJHEKH"0(-"1LMNO"A,%'@&"BC1<"%$7,&/%08'("D'"

EFGFHKEJJGP<"$/.;QR"

- a person to whom (or through whom) the Company transfers or the Company intends to transfer

a right of claim arising under the contract (assignment);

!"'/*$%"/*,%-"#0%8$&"/'"#%'/$./"/*$"1'2#0(3S&"6$7,820/$"%,7*/&"'%",(".0&$&")*$%$"/*$"19&/'2$%"*0&"

40,6$-"/'"#%'#$%63"#$%4'%2",/&"'56,708'(&"9(-$%"/*$".'(/%0./":$;7;"#$%&'(&"#%'+,-,(7"-$5/".'66$.8'("

&$%+,.$&"/'"/*$"1'2#0(3"'("0".'(/%0./906"50&,&<",(.69-,(7"59/"('/"6,2,/$-"/'"T09&"='(&96/&<"CUV<"

%$7,&/%08'("(';"EFFFHHWXIJF<"CUV"YZ$6+'%0C$%7$6Y<"%$7,&/%08'("D';"EFGFHPHJIKG<"CUV"YUD=VCCOY<"

%$7,&/%08'("D';"EFGFHXJXFGH<"CUV"Y1LM[U\LMNOL]"^V\_UBVY<"%$7,&/%08'("D';"EFFFHXWWIFE<"B`^UVD`C"

UD=VCCO"^V\_UBV<"CUV<"%$7,&/%08'("D';"EFFFHJGJWXX<"$/.;QR"

- server providers and data storage providers selected by the Company; website and mobile

application operators; video surveillance system providers; tele-marketing, marketing and survey

service providers, email and SMS gateway service providers, online intermediaries and other third

parties involved in the provision of the services provided by the Company (incl, banks, archiving, postal

and courier service providers, etc.), ensuring that such parties will process the Customer's personal

data only to the extent and for the purposes (purposes) set out in this Privacy Policy;

- persons who, on behalf of the Company, carry out a statistical, market or public opinion study or

survey, if the disclosure of personal data is necessary for the purpose of carrying out the study or survey

in question;

- any accounting service provider, auditor, financial adviser, legal adviser, solicitor, notary public

and/or bailiff selected by the Company.

If the Customer fails to fulfil or performs its obligations under the contract, the Company shall be

entitled, without obtaining the Customer's separate consent, to provide information on the Customer's

debt by transferring the Customer's personal data for processing to credit reference bureaus for

inclusion in credit history databases and debt collection service providers for inclusion in debt history

databases, which will result in the processing of such data in accordance with the applicable regulatory

enactments and information being transferred to third parties for assessing the creditworthiness or

managing the credit risk of third parties. The Customer agrees that his/her data from credit and debt

history databases will be disclosed to third parties.

The Company shall also use the personal data received for the purpose of communication with

the Customer and for the purpose of establishing the Customer's credit history. The Company shall also

verify and update personal data in public registers and databases established in accordance with the

statutory regulations without obtaining the Customer's prior additional consent.

For the purpose of financial management by the Company, assessing the Customer's solvency

and checking the Customer's credit history, the Company shall process natural person data received

from third parties and supplement the natural person data processing systems under their control with

information obtained about the Customer from public registers (e.g, the Customer, the personal data

processing systems of state or local government institutions (e.g. from the Population Register, the

State Social Security Agency, the State Revenue Service, etc.) or other public sources, provided that

the provision of such information or the possibility to access it complies with the provisions of regulatory

enactments.

These Service Providers have access to your Personal Data only to perform these tasks on our

behalf and are obligated not to disclose or use it for any other purpose.

6.3. Analytics (Sub-contractor)

We may use third-party Service Providers to monitor and analyze the use of our Service.

•Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website

traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared

with other Google services. Google may use the collected data to contextualize and personalize the ads

of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by

installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics

JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits

activity.

For more information on the privacy practices of Google, please visit the Google Privacy

Terms web page

6.4. Behavioral Remarketing (Sub-contractor)

The Company uses remarketing services to advertise on third party websites to you after you

visited our Service. We and our third-party vendors use Cookies to inform, optimize and serve ads

based on your past visits to our Service.

•Google Ads

Google Ads remarketing service is provided by Google Inc. You can opt-out of Google Analytics

for Display Advertising and customize the Google Display Network ads by visiting the Google

Ads Settings page.

Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web

browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data

from being collected and used by Google Analytics.

6.5. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third

party link, you will be directed to that third party's site. We strongly advise you to review the Privacy

Policy of every site you visit. We have no control over and assume no responsibility for the content,

privacy policies or practices of any third party sites or services.

7. CHILDREN'S PRIVACY

Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly

collect personally identifiable information from anyone under the age of 13. If you are a parent or

guardian and you are aware that your Children has provided us with Personal Data, please contact us.

If we become aware that we have collected Personal Data from children without verification of parental

consent, we take steps to remove that information from our servers.

8. SECURITY OF DATA

The Company has established necessary legal, organizational, physical and technical security

measures to protect your Personal Data against unauthorised access, accidental or unlawful alteration,

disclosure, loss, destruction, erasure, including measures against threats caused by physical exposure

and measures implemented by means of software. Some examples of the measures we use:

Physical measures - paper-based documents containing Personal Data are stored in locked

rooms and cabinets to which only certain employees have access for fulfilling their job duties; data

processing rooms and IT-systems are sufficiently protected against fire, overheating, water, current

instability and power outages.

Technical measures - all employee work computers are protected with password protected

screensavers when the employee leaves; it is ensured that the IT- system does not accept new login

attempts and locks the username if certain number of access attempts has been exceeded; it is ensured

that especially vulnerable systems (e.g. laptops, smartphones) are sufficiently protected (using

encryption or other means).

Organizational means - all IT system Users are assigned roles and profiles; it is ensured that

access rights are deleted when an employee leaves the Company; it is ensured that there is no access

from publicly used rooms to rooms where Personal Data is being processed.

In case we use external companies for providing services, which include data processing, we

conclude data protection agreements with such Service Providers obligating them to: a) take

appropriate measures to ensure confidentiality and security of the Personal Data and ii) process

Personal Data in accordance with the applicable legal requirements.

9. YOUR RIGHTS

•Right to be informed and Right of access

If you wish to be informed what Personal Data we hold about you and receive a copy of the

Personal Data we hold about you, please contact us. Please note that we may ask you to verify your

identity before responding to such requests.

•Right to rectification

You have rights to request updating any personal information about you if it is inaccurate or

incomplete.

•Right to erasure

The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to

have Personal Data erased and to prevent processing in specific circumstances: (i) where the Personal

Data is no longer necessary in relation to the purpose for which it was originally collected/processed; (ii)

the Personal Data is processed in relation to the offer of information society services to a child; (iii)

when you withdraws consent; (iii) the Personal Data was unlawfully processed (i.e. otherwise in breach

of the GDPR); (iv) when the individual objects to the processing and there is no overriding legitimate

interest or other legal basis for continuing the processing; (v) the Personal Data has to be erased in

order to comply with a legal obligation.

•Right to restrict processing

You have rights under certain circumstances to request to ‘block’ or suppress processing of

Personal Data for a certain period (e.g. if you have objected to Personal Data processing). When

processing is restricted, we are permitted to store the Personal Data, but not further process it.

•Right to object

You have the right to object to such data processing which is based on the Company’s legitimate

interest incl. profiling based on our legitimate interest. We shall stop processing your Personal Data

when you present an objection, unless we can demonstrate compelling legitimate grounds for the

processing or processing is needed for the establishment, exercise or defense of legal claims. You also

have the right to object at any time to processing of your Personal Data concerning for direct marketing.

Upon receiving such objection, we shall stop processing your Personal Data for direct marketing.

•Right to data portability

In case processing the Personal Data is based on your consent or on a contract between us and

Personal Data is processed automatically, you have the right to access Personal Data concerning you

which you have given to us in a structured, generally usable and in machine readable form. You have

rights to move, copy or transfer Personal Data easily from one IT environment to another in a safe and

secure way. We will provide all Personal Data in a structured way using open formats like CSV.

•Right to withdraw your consent

You have right to withdraw your consent where the personal data is provided to the Company on

the basis of your consent (withdrawal of consent does not affect the lawfulness of processing based on

consent prior to the withdrawal);

•Right to not be subject to fully automated decision-making, including profiling

You have right not to be subject to fully automated decision-making, including profiling, where

such decision-making has legal effects or similarly significantly affects you (data subject). This right shall

not apply if the decision-making is necessary for entering into or performance of a Contract with the

Customer (data subject), if the decision-making is permitted under applicable laws or regulations or if

the Customer (data subject) has given its explicit consent.

•Right to contact us, submit a complaint to the Data State Inspectorate of Republic of

Latvia and the court

U4"3'9")0(/"/'"$a$%.,&$"0(3"'4"/*$"05'+$2$(8'($-"%,7*/&<"#6$0&$".'(/0./"9&"9&,(7"/*$"$!20,6"0--%$&&"

,(4'b'./$660;"U("'%-$%"/'"%$&#'(-"/'"3'9%",(c9,%3<")$"29&/"d%&/"09/*$(8.0/$"3'9"/'"0+',-"7%0(8(7"

,(4'%208'("/'"9(09/*'%,e$-"#$%&'(&;"f$"),66"%$&#'(-"/'"3'9%",(c9,%,$&"),/*,("HF"-03&;"

f$"%$&#$./"3'9%"#%,+0.3"0(-"),&*"/*0/"#%'.$&&,(7"3'9%"T$%&'(06"[0/0"53"9&")'96-"5$"9(-$%&/0(-056$"

0(-"/%0(&#0%$(/;"N'%"/*0/")$"*0+$"06&'"-%0g$-"/*$&$"T%,+0.3"T'6,.3;""C*'96-"3'9"($$-"49%/*$%"

,(4'%208'("05'9/"#%'.$&&,(7"3'9%"T$%&'(06"[0/0"'%"$a$%.,&,(7"3'9%"%,7*/&<"#6$0&$".'(/0./"9&"0/"$!20,6"

0--%$&&",(4'b'./$660;"

If you believe that processing of your Personal Data violates the GDPR requirements, you have

the right to turn to the Data State Inspectorate of Republic of Latvia (info@dvi.gov.lv) and the courts to

protect your rights and interests.

10. CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. We will notify you of any changes by posting

the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our

Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy

Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this

11. CONTACT US

U4"3'9"*0+$"0(3"c9$&8'(&"05'9/"/*,&"T%,+0.3"T'6,.3<"#6$0&$".'(/0./"9&"53"$20,6h",(4'b'./$660;.'2;"