Privacy Policy

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR") applies only to the processing of personal data of natural persons.

Data Controller

SIA "AUTOAKADEMIA", Reg. No.: 40203680788
Legal address: Elijas iela 8E, Rīga, LV-1050
E-mail: info@autoakademia.lv

Purpose of Data Processing

To provide the Data Subject — a natural person — with driving school services and to carry out activities related to the provision of the service.

Scope of Data Processing

The Controller processes personal data for the purpose of providing driving school services. The Controller ensures that the Data Subject's personal data are protected in accordance with GDPR requirements. The Controller collects, processes and uses the Data Subject's data only to the extent necessary for the provision of driving school services and the conclusion of the Agreement. The Controller guarantees and undertakes to take all necessary measures to ensure that the Data Subject's data are kept confidential and stored securely.

Purposes and Legal Basis of Data Processing

The Controller may use the personal data submitted by the Data Subject (on the basis of the Agreement, law, legitimate interests or the Data Subject's consent) for the following purposes:

  • To provide driving school services (on the basis of the Agreement or the Data Subject's consent);
  • To contact the Data Subject on matters related to the provision of services (service quality, new service offers and other matters).

Categories of Personal Data Recipients

The Data Subject's personal data may be transferred to third parties only to the extent and in the manner specified in the Agreement for the provision of driving school services or in the Terms of Use. The Controller undertakes to comply with the GDPR and other regulations when transferring the Data Subject's personal data, as well as the terms of the concluded Agreement. The Data Subject's personal data may be transferred to:

  • The Controller's employees and cooperation partners with whom a cooperation agreement has been concluded, and who need it for the performance of driving school duties (in accordance with the terms of the Agreement);
  • The Data Subject themselves in accordance with GDPR provisions;
  • State authorities for the fulfilment of regulatory requirements;
  • In cases where subcontractors are engaged to provide services, who are considered sub-processors of personal data, the Controller engages only those service providers who guarantee the implementation of appropriate technical and organisational measures for personal data processing in such a way as to ensure the protection of the rights of data subjects in accordance with the GDPR and regulatory requirements.

Retention Period of Personal Data

The Data Subject's personal data are processed only for the purposes mentioned above and for as long as necessary to achieve those purposes, to protect the interests of the Controller and the Data Subject, or to comply with the deadlines set by laws and regulations. The Controller destroys the Data Subject's personal data as soon as the need to process them ceases. Personal data is restricted access information that can only be accessed by those employees who need access to this data in order to perform their work tasks. All of the Controller's employees are trained to be able to protect the Data Subject's rights.

Rights of the Data Subject

The Data Subject has the right to receive confirmation from the Controller as to whether or not personal data concerning the Data Subject is being processed. The Data Subject is entitled to request:

  • correction of their data;
  • deletion of their data;
  • restriction of processing of their data;
  • to object to the processing of their data;
  • to withdraw consent at any time;
  • to lodge a complaint with a supervisory authority.

Personal Data Security

The Controller ensures and implements appropriate physical, technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction, or damage to personal data, including by performing appropriate encryption of personal data. The Controller tests its security measures implemented to ensure the processing of personal data. The Controller ensures that persons who are authorised to process personal data have undertaken confidentiality obligations.

← Back to Home