Privacy policy

The purpose of the privacy policy on the processing and protection of personal data is to provide a natural person (data subject) with information regarding the purpose, scope, and protection of personal data processing and the term of personal data processing at the time of data acquisition and during the processing of the data subject's personal data.

 

Privacy policy

The purpose of the privacy policy on the processing and protection of personal data is to provide a natural person (data subject) with information regarding the purpose, scope, and protection of personal data processing and the term of personal data processing at the time of data acquisition and during the processing of the data subject's personal data.

1. GENERAL PROVISIONS

1.1. This Privacy Policy regulates the fundamental principles, rules, and procedures for the protection and processing of personal data, as well as the manner in which the Agency of Latvia University of Life Sciences and Technologies “Malnava College of Latvia University of Life Sciences and Technologies” (hereinafter referred to as the COLLEGE) processes personal data.

1.2. Personal at the COLLEGE data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the Personal Data Processing Law, other applicable legislation in the field of privacy, data security, and processing, as well as the general regulations of the COLLEGE.

1.3. The COLLEGE processes personal data in accordance with the individual’s right to the lawful processing of personal data and the individual’s interest in protecting their privacy.

1.4. In order to exercise its rights obligations and to its perform its functions arising from the legal acts and to provide services in the most effective way, the COLLEGE needs to process and use certain types of information (data) about natural persons. Depending on the service requested or provided, or the function to be performed, personal data may be processed within the meaning of the General Data Protection Regulation.

1.5. Data Controller and Contact Information:

Data Controller: Agency of Latvia University of Life Sciences and Technologies “Malnava College of Latvia University of Life Sciences and Technologies” (hereinafter referred to as the COLLEGE)

Registration number: 4297002587

VAT: LV90000019505

Address: 17 Kļavu iela, Malnava, Malnavas pagastā, Ludzas novadā, LV 5750, latvia

Phone: +271 65733100

Email: info@malnavaskoledza.lv 

1.6. Place of personal data processing: Kļavu ielā 17, Malnavā, Malnavas pagastā, Ludzas novadā, Latvia.

1.7. Data Protection Specialist: to obtain clarification regarding the processing of personal data by the COLLEGE or to file a complaint, individuals may contact the COLLEGE’s Data Protection Specialist, Andris Skredeļs, by email: andris.skredels@malnavaskoledza.lv.

1.8. With this Personal Data Processing and Protection Policy, the COLLEGE wishes to emphasize its firm commitment to ensuring the protection of personal data and notes that, in all your communications and interactions with the COLLEGE, it will strive to ensure the security of the personal data it processes.

2. AIM

 

2.1. The aim of the Privacy Policy is to provide a natural person (data subject) with information about the purpose, scope, protection and period of processing of personal data at the time of obtaining data and when processing the data of the data subject. 

2.2.  The Privacy Policy is designed to apply the principles set out in the COLLEGE on the processing and protection of personal data to the extent that they do not conflict with the regulatory enactments and the general provisions of the COLLEGE, to maintain a high level of personal data processing quality, and to ensure a fair, transparent and comprehensible process of the personal data processing.

3. PURPOSES OF THE PERSONAL DATA PROCESSING

3.1. Processing of personal data is necessary for the COLLEGE to perform its functions and tasks specified in the regulatory enactments (laws, regulations of the Cabinet of Ministers, etc.), including for personnel management, conclusion of contracts, financial and accounting management, systematic document circulation, public procurement accounting and administration, student and learners accounting and administration, prevention or detection of criminal offences against property and persons, as well as protection of vital interests.

3.2. Processing means any operation performed on data, including collection, recording, structuring, retrieval, storage, destruction, etc. (in accordance with Article 4(2) of the GDPR).

3.3. The COLLEGE may store personal data in an archive to preserve evidence, for historical purposes or to use it for research or statistical purposes.

3.4. When processing personal data for certain purposes, the principles of personal data processing and protection are observed in all data processing stages.

3.5. In the COLLEGE, personal data is processed in accordance with the applicable external and internal regulatory enactments, including for the following purposes:

3.5.1. addressing applicants, selecting applicants and preparing student personal files. The processing of personal data is carried out on the basis of the law, contract, the consent of the Person, and legitimate interest;

3.5.2. ensuring the study process, including preparation of the study contract, preparation, awarding, and accounting of diplomas, preparation, awarding and accounting of certificates, confirmations, awards, etc. The processing of personal data is carried out on a legal basis.

3.5.3. for the analysis and provision of study, research, and administrative management processes. The processing of personal data is carried out on the basis of law, contract, consent of the Person, and legitimate interest;

3.5.4. provision of library and reading room services. The processing of personal data is carried out on a legal basis and on the basis of a contract;

3.5.5. receiving services and preparing contracts, fulfilling the terms of the concluded contracts and related regulations, including amending contracts. The processing of personal data is carried out on a legal basis and on the basis of a contract;

3.5.6. establishment (including selection) and provision of employment relationship. Processing of personal data is carried out on the basis of law, contract, consent of the Person, and legitimate interest;

3.5.7. compliance with the requirements of regulatory enactments governing accounting. The processing of personal data is carried out on the basis of law, contract, and legitimate interest;

3.5.8. processing and control of payments, including payment of salaries, recovery and collection of study debts. The processing of personal data is carried out on the basis of law, contract, and legitimate interest;

3.5.9. ensuring labour protection requirements for students and staff. Personal data processing is carried out on the basis of law, contract;

3.5.10. processing of applications, statements, complaints, and claims. Processing of personal data is carried out on the basis of law and legitimate interest;

3.5.11. administration and control of access rights. Processing of personal data is carried out on the basis of law, contract, consent of the Person, and legitimate interest;

3.5.12. organisation of health insurance for employees and students. Personal data is processed on the basis of a contract and legitimate interest;

3.5.13. Maintenance and improvement of the COLLEGE’s website (cookies). Processing of personal data is carried out on the basis of legitimate interest;

3.5.14. providing information to public administration institutions and subjects of operational activity in the cases and to the extent specified in external regulatory enactments. Processing of personal data is carried out on the basis of law;

3.5.15. organisational management, planning and accounting of the COLLEGE (including document management, processes, services, information systems, ensuring the continuity of the company, public relations, and social responsibility). Processing of personal data is carried out on the basis of law, contract, consent of the Person, and legitimate interest;

3.5.16. Security of the COLLEGE infrastructure, services, information, employees, students, and visitors, prevention of illegal or other threats, facilitation of the detection of criminal offences, including security and property protection (video surveillance, access control systems). Processing of personal data is carried out on the basis of law, contract, consent of the Person, vital interests, and legitimate interest;

3.5.17. scientific or academic research. Processing of personal data is performed on the basis of law, contract, consent of the Person;

3.5.18. for the prevention of threats to the health of students and staff, and for the provision of studies, scientific and administrative activities - processing of special categories or sensitive personal data, if there is a legal basis and one of the special conditions for processing sensitive personal data provided for in Article 9 of the Regulation is applicable. Processing of personal data is carried out on the basis of law, contract, consent of the Person, and legitimate interest;

3.5.19. for the administration of Erasmus+ projects;

3.5.20. for other specific purposes, about which the Persons are informed before providing the data.

4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

4.1. The COLLEGE processes personal data only if the processing has an appropriate purpose and legal basis.

4.2. The COLLEGE processes personal data on the following legal grounds:

4.2.1. in accordance with the data subject’s consent (Article 6(1)(a) of the Regulation);

4.2.2. to conclude and perform the contract (Article 6(1)(b) of the Regulation);

4.2.3. to fulfil the obligations set out in the binding legal acts of the COLLEGE (Article 6(1)(c) of the Regulation);

4.2.4. to protect the vital interests of the data subject or of another natural person (Article 6(1)(d) of the Regulation);

4.2.5. to perform a task carried out in the public interest or in the exercise of the official powers legally granted to the controller (Article 6(1)(e) of the Regulation);

4.2.6. to implement legitimate (lawful) interests arising from the existing obligations or in a concluded contract, or from the law (Article 6(1)(f) of the Regulation).

5. CATEGORIES OF PERSONAL DATA

5.1. Personal data means information relating to an identified or identifiable natural person, such as a person's name, surname, personal identification number, date of birth, contact information (to ensure effective communication), information that we ask to provide in order to provide the person with the relevant service, etc. (in accordance with Article 4(1) of the GDPR).

5.2. In order to establish business relations or to make decisions related to business relations or to ensure the performance of other tasks of the COLLEGE, personal data may be obtained from the data subject itself or from third parties – external sources, databases used in the COLLEGE, registers, and public sources.

5.3. The categories of personal data processed by the COLLEGE depend on the specific tasks and services provided by the COLLEGE. The COLLEGE will mainly, but not exclusively, process the following categories of personal data for the purposes specified in this policy:

5.3.1. Personal identification data – name, surname, personal code/ID, date of birth, passport number/ID number, signature; photo;

5.3.2.  Contact information – address, telephone number, e-mail address;

5.3.4. Details of contact persons – name, surname, e-mail address, telephone number of the contact person;

5.3.5. Contract details – contract number, date of signing/ approval, type of service, address of the service, number of the annex, date of the annex;

5.3.6. Transaction details – transaction number, date, transaction name, type;

5.3.7. Communication data – type of incoming/ outgoing communication, number, date, registrant, content, channel, delivery status;

5.3.8. Product purchase data – name of the product, date of purchase, delivery note number, method of receipt of the product, price, payment method;

5.3.9. Billing data – payment processor data, payment system account number, payer's data, bank account number, invoice number, date, amount, invoice receipt method, payment date, payment method, check number, payment order number, debt amount, debt collection information;

5.3.10. Photos, videos, and pictures – photos from public events, date the photos were taken, data obtained as a result of video surveillance - video image, time.

5.4. The COLLEGE does not request from a person and does not process more information than is necessary to achieve a specific purpose, thus complying with the principle of data minimization. The amount of personal data required for certain purposes is determined by national regulations, in other cases the COLLEGE itself evaluates what information to request from the data subject in order to ensure the achievement of the purpose of processing, while complying with the principle of data minimization.

6. CATEGORIES OF RECIPIENTS OF PERSONAL DATA

6.1. The COLLEGE discloses the data of data subjects in accordance with the purposes of the COLLEGE 's data processing specified in the principles. Recipients of personal data may be authorised employees of the Controller, the data subject, processors of personal data, local government and state institutions (for example, the Ministry of Education and Science, the State Employment Agency, the State Revenue Service, investigative authorities, courts, etc.).

6.2. The COLLEGE is obliged to provide the data of data subjects in cases provided for by regulatory enactments, in the prescribed manner and in the amount, (for example, to the Ministry of Education and Science, the SSIA, the SRS, investigative authorities, courts, bailiffs, etc.) including for the protection of the COLLEGE's legitimate interests.

6.3. The COLLEGE discloses the data of data subjects to personal data processors and third parties only to the extent that is reasonably necessary for the relevant purpose of the data subject's data processing.

6.4. Transfer of personal data to third countries:

6.4.1. Personal data may be stored and processed in the European Union and the European Economic Area.

6.4.2. In certain cases, in compliance with the requirements of regulatory enactments, the COLLEGE may transfer personal data to countries outside the European Union and the European Economic Area, respectively ensuring the level of personal data processing and data protection specified in regulatory enactments and equivalent to the General Data Protection Regulation.

6.5. The COLLEGE will exchange your personal data with organisations or service providers that provide sufficient guarantees that appropriate technical and organisational measures will be implemented in such a way that the processing will comply with the requirements of the legislation on the protection of personal data and ensure the protection of the rights of the data subject, and which are able to fulfil the obligations laid down in the legislation on the protection of personal data. These warranties and provisions are stipulated in agreements with organisations and third parties.

6.6. The COLLEGE will not use personal data for commercial shipments, unless the person has expressed a consent to the COLLEGE to do so.

7. PERSONAL DATA RETENTION PERIOD 

7.1. The COLLEGE stores personal data for no longer than is necessary to achieve the relevant purpose of personal data processing.

7.2. The COLLEGE stores personal data for as long as one of the following criteria exists:

7.2.1. the term of storage of personal data is determined or follows from the regulatory enactments of the Republic of Latvia and the European Union;

7.2.2. personal data must be stored for a certain period of time in order to ensure the realization and protection of the legitimate interests of the Controller or a third party;

7.2.3. until the consent of the person to the processing of personal data has been withdrawn and there is no other legal basis for the processing of the data.

7.3. At the end of the storage period, personal data will be permanently deleted, unless there is an obligation to keep them in accordance with the regulatory enactments.

8. PROTECTION OF PERSONAL DATA

8.1. The COLLEGE ensures, constantly reviews and improves personal data protection measures to protect personal data from unauthorized access, accidental loss, disclosure, or deletion. To ensure this, the COLLEGE uses up-to-date, modern technical and organizational requirements, taking into account existing privacy risks and the organizational, financial, and technical resources reasonably available to the COLLEGE.

8.2. The COLLEGE carefully inspects all service providers who process personal data in the name and on behalf of the controller, as well as assesses whether cooperation partners (processors of personal data) apply appropriate security measures to ensure that personal data is processed in accordance with the controller delegation and regulatory requirements.

8.3. In the case of a personal data security incident, if it poses the highest possible risk to the data subject's rights and freedoms, the COLLEGE notifies the relevant data subject, if possible, and the Data State Inspectorate, or publishes the information on the controller's website or in another possible way such as using mass media.

9. RIGHTS OF THE DATA SUBJECT

9.1. The data subject has the right to request access to their personal data in accordance with the regulatory enactments, as well as to request the COLLEGE to supplement, correct or delete them, or to restrict the processing in relation to the data subject, or the right to object to the processing, including the processing of personal data carried out on the basis of legitimate (legitimate) interests, as well as the right to data portability. 

9.2. The data subject is entitled to obtain information on the natural or legal persons who have received information on the person from the controller within a specified period of time. It is prohibited to include in the information to be provided to the data subject the state institutions that are the initiators of 

Criminal proceedings, the subjects of operational activities, or other institutions about which the provision of information is prohibited by law.

9.3. The person is also entitled to receive the following information, if applicable in the specific case:

9.3.1. the name or first name and surname of the controller, as well as the address;

9.3.2. contact details of the data specialist or the person responsible for data processing;

9.3.3. the purpose, legal basis and method of processing personal data;

9.3.4. the legitimate interests of the controller or a third party for carrying out video surveillance;

9.3.5. the recipients or categories of recipients of the personal data, if any;

9.3.6. information that the controller intends to transfer personal data to a third country or an international organisation;

9.3.7. the date on which the data subject's personal data were last amended, deleted or blocked;

9.3.8. the source of the personal data, unless the law prohibits the disclosure of this information;

9.3.9. the period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period;

9.3.10. information that the controller has the right to request access to and rectification or erasure of personal data concerning the data subject, or restriction of processing concerning the data subject, or to object to processing, as well as the right to data portability;

9.3.11. the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;

9.3.12. the right to lodge a complaint with a supervisory authority;

9.3.13. information on whether the provision of personal data is required by law or contract, whether it is a prerequisite for concluding a contract, and whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data;

9.3.14. the existence of automated decision-making, including profiling.

9.4. The data subject may submit a request for the exercise of their rights:

9.4.1. in writing in person at Kļavu iela 17, Malnava, Malnavas pag., Ludzas nov., Latvia presenting an identity document;

9.4.2. in free form by electronic mail writing to the official electronic address;

9.4.3. in the form of electronic mail, by sending a data subject request signed with a secure electronic signature to the e-mail address info@malnavaskoledza.lv

9.5. Upon receiving a request from the Data Subject for the exercise of their rights in person, the COLLEGE shall verify the identity of the Person, evaluate the request and fulfil it in accordance with the regulatory enactments.

9.6. The COLLEGE shall send the response to the request by post to the specified contact address by registered mail, deliver in person, or send it to the e-mail address specified in the application, taking into account, as far as possible, the method of receipt of the response specified by the Person, provided that the Person has confirmed their identity.

9.7. If the COLLEGE has reasonable grounds to reject the request of the data subject due to the circumstances specified in the regulatory enactments, the COLLEGE will inform the data subject in writing about the refusal explaining the reasons.

9.8. The person has the right to withdraw the consent given for the processing of data at any time, in which case the further processing of data based on the previously given consent will not be carried out for the specific purpose.

9.9. The withdrawal of consent does not affect the processing of data carried out at the time when the Person's consent was valid.

9.10. Withdrawing consent shall not prevent the processing of data based on other legal grounds.

9.11. The COLLEGE shall ensure compliance with data processing and protection requirements in accordance with regulatory enactments and, in case of an objection, shall take appropriate action to resolve the objection. In any case, the person shall retain the right to appeal to the supervisory authority – the State Data Inspectorate or other law enforcement authorities.

9.12. The Person is obliged to provide the COLLEGE with information about changes in their personal data held by the College within a reasonable period of time.

9.13. If necessary, the Person may contact the head of their study programme (if the Person is a student of the COLLEGE) or the head of their structural unit (if the Person is an employee of the COLLEGE) to obtain information about the exercise of their rights.

9.14. The Person is obliged to familiarize themselves with the Privacy Policy before starting any type of cooperation (including, but not limited to, employment relationships, service and study contracts, etc.).

10. COLLEGE`S DATA PROCESSING OBLIGATIONS

10.1. Within the framework of the processing of personal data, the COLLEGE ensures:

10.1.1. information to the Person in accordance with Articles 13 and 14 of the Regulation;

10.1.2. the opportunity for the Person to correct their personal data if the personal data is inaccurate;

10.1.3. taking technical and organizational measures to protect personal data against accidental, unauthorized or unlawful access, disclosure, correction, or loss;

10.1.4. without undue delay to notify the Person of personal data protection violations in order to prevent damage to the rights and freedoms of natural persons;

10.1.5. personal data processing is carried out only by those employees of the COLLEGE who are entitled to do so in accordance with their job duties;

10.1.6. if the purpose of processing personal data changes, the COLLEGE informs the specific data subject about the change in the purpose of data processing and provides him with the necessary additional information before further processing.

11. COMMERCIAL NOTICES

11.1. The COLLEGE communicates commercial notices regarding the services of the College and/or third parties and other notices not directly related to the provision of contracted services (e.g., surveys of Persons) in accordance with the provisions of external regulatory enactments or with the consent of the Person.

11.2. The consent given by the Person to receive commercial notices are be valid until its withdrawal (also after the termination of the contract, if any). The Person may at any time refuse to receive further commercial notices in one of the following ways:

11.2.1. by sending an e-mail to the official address info@malnavaskoledza,lv;

11.2.2. in person, at Kļavu iela 17, Malnava, Malnava parish, Ludza county.

11.2.3. in certain cases, in the manner and procedure specified in the information prior to receipt of the Person`s consent.

11.3. The COLLEGE stops sending commercial communications as soon as the Person's request is processed.

12. PROVISION OF REMOTE WORK AND STUDY PROCESS

12.1. The COLLEGE organizes the remote study process in the E-study environment Moodle or on the MS Teams platform. The functionality of the e-study environment provides a wide range of e-examination organization (electronic tests, clinical case analysis, online essays, submission of written or audiovisual materials, etc.), assessment options, while the Zoom platform provides for the organization of remote tests and /or classes.

12.2. The COLLEGE organizes the remote online work process on the Zoom, MS Teams, and other platforms.

12.3. The legal basis for the processing of personal data for the organization of remote online classes and work is Article 6(1)(e) of the Regulation (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller by law) and/or Article 6(1)(c) of the Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject).

13. FINAL PROVISIONS

13.1. No automated decision-making is carried out with regard to the processing of personal data.

13.2. Website visits and use of cookies on the website:

13.2.1. The COLLEGE website uses cookies. Cookies are used to improve the quality of content, make it more convenient to use and adapt to the needs of users, to facilitate their use of the website, to remember the screen settings specified by the user, to record whether you have already been shown a notification that cookies are used on the https://www.malnavaskoledza.lv website. Information about the use of cookies can be found on the relevant website.

13.2.2. A cookie is a small text file that is sent to the user's computer or mobile device when visiting the website. Cookies act as a memory for a particular website, allowing the website to remember the user's computer on subsequent visits, including remembering the settings specified by the user. Cookies are not used to personally identify you.

13.2.3. The COLLEGE websites may contain links to third-party websites that have their own terms of use and personal data protection, for which the COLLEGE is not responsible.

13.3. Taking photos, videos, audio and audiovisual recordings:

13.3.1. In order to inform visitors to the COLLEGE, as well as other interested parties, about the activities and events taking place at the COLLEGE, photos, videos, audio and audiovisual recordings may be taken.

13.3.2. Information on the making of photo, video, audio, or audiovisual recordings at events organized by the COLLEGE is provided on posters of planned events, on signs at event venues or otherwise, depending on the nature of the event.

13.3.3. The captured photos or audio, video, and audiovisual recordings may be placed on websites, in the press, and other mass media, in representations, including printed materials, and social network profiles.

13.3.4. In cases where the processing of personal data requires the consent of the person, a COLLEGE employee or its authorized representative may address the person directly and request their permission to record Personal Data in photo, audio, video, or audiovisual form and to make this recording public. In situations where the data subject allows the recording of photo, audio, video, or audiovisual recording and to make it public, it is considered that the data subject has given consent to the processing of their personal data (to make their photo, audio, video, or audiovisual recording public). In certain cases, the data subject may be asked to provide their consent in writing.

13.4. THE COLLEGE has the right to make additions to the Privacy Policy, making its current version available to the Person on the website https://www.malnavaskoledza.lv.

 

Effective from 01.01.2022.

Updated on 19.07.2023.

 

 

This website was created as part of project No. 5.2.1.1.i.0/2/24/I/CFLA/002 Strengthening LBTU's Institutional Capacity for Excellence in Studies and Research. The aim of the project - to make structural changes at LBTU in order to promote excellence and quality of higher education and science, efficiency of resource investment, and international competitiveness.
Mājaslapa veidota projekta Nr. 5.2.1.1.i.0/2/24/I/CFLA/002