Privacy Policy

1. Who are we?

We are Equilia Group, which includes:

• SIA „Sefinance”, registration number 40103224297, legal address Skanstes iela 7 k-1, Riga, LV-1013;
• SIA “Sefinance Credit”, registration number 40103782232, legal address Skanstes iela 7 k-1, Riga, LV-1013;
• SIA “SEBI” , registration number 40103969683, legal address Skanstes iela 7 k-1, Riga, LV-1013;
• SIA “LK Capital”, registration number 40203270288, legal address Skanstes iela 7 k-1, Riga, LV-1013;
• SIA “Kredītu risinājumu centrs”, registration number 40203366974,legal address Skanstes iela 7 k-1, Riga, LV-1013;
• SIA SETECH, registration number 40203020143,legal address Skanstes iela 7 k-1, Riga, LV-1013; and
• UAB “Vertikalus dangus”, registration number 305088516, legal address Olimpiečių g. 5, Vilnius, LT-09232.

(hereinafter “we”, “our”, “us”) and this is our privacy policy (hereinafter “Policy”). The purpose of this Privacy Policy is to explain to you, the data subject, how we, the data controller, process your personal data and to inform you of the ways in which you can contact us in order to exercise your rights guaranteed by the General Data Protection Regulation (hereinafter “GDPR”) and Latvian laws.

As the general objective of the legal framework of personal data protection is ensuring the privacy of individuals, and the only way to ensure that this objective is met is to make the protection of personal data an integral part of our activities, we ensure that all personal data that comes into our possession is adequately protected and kept secure. Adequate protection means the use of the appropriate technical and organisational measures and the processing of personal data in accordance with the GDPR and applicable Latvian laws.

The terms used in this Policy have the meaning attributed to them in Article 4 of GDPR.

Please contact us with any questions regarding the protection of your personal data:

• by writing to our email: info@51.20.252.200 (with a note in subject field “To Data Protection Officer“)
• by writing to our registered office at Skanstes iela 7 k-1, Riga, LV-1013 (with a note on envelope “To Data Protection Officer“).

2. What is the scope of this Policy?

This policy applies to the following groups of data subjects:

• Visitors of Equilia Group’s website (the “Website”),
• persons who apply for our vacancies, as well as persons whose data has been provided to us by applicants (e.g. personal data of referees),
• names and contact details of representatives of our potential and existing business partners and service providers,
• visitors to our offices,
• our customers,
• persons whose data is processed on social networks in connection with our marketing activities or vacancies and persons who receive our commercial communications.

Certain links on our website may lead you to other websites which have their own privacy policies which may differ from this Policy. When using these websites, you should make sure that you agree to the relevant privacy policies.

3. What personal data do we process and why?

The categories of personal data we process depend on the purposes for which the personal data are processed, but in general we as the controller process the following categories of personal data:

• Identification data: name, surname, personal identification number, date of birth, details of ID card or passport, copy of ID card or passport etc.,
• Contact details: telephone number, email, address of declared residence and actual residence, IP address and other information provided by the device or software used by the person, etc.,
• Video footage (recordings from video cameras in office premises),
• Information about person’s education, profession or occupation (including employer, position, length of employment, experience), relationships with politically exposed persons, banking information and bank account details, other information on person’s CV, other information you give us on our website or otherwise (by filling in forms or otherwise),
• Information processed for marketing purposes,
• Information processed on social networks, including Linkedin,
• Financial and other information obtained as part of investigations carried out by us,
• Cookies and other technologies that can recognise you and your preferences – please see our Cookie Policy for more details,
• Other information that you provide to us and which contains personal data, such as communications (emails, audio recordings during calls), opinions, etc.

4. How do we obtain the data?

• From the information provided by you -you provide us with your personal data by consenting to the processing of your data, by contacting us, by cooperating with us, by using our services, by visiting our website (including filling in forms, applications and questionnaires), by applying for our vacancies, by coming to our premises, by consenting to the use of cookies, etc.
• From other sources – we may obtain personal data from public registers, communication with state and local authorities, obtaining publicly available information on social networks, obtaining information from third parties specified by you, etc.

In case you provide us with your personal data, we invite you to consider the data minimisation principle and provide us only with the personal data necessary for the respective purpose.

5. Why do we process personal data?

We primarily process your personal data to contact you (including for marketing purposes), to decide whether to enter into contracts with you, to provide you with services, to comply with legal requirements or to protect our rights and legitimate interests.

We may process your personal data for the following purposes:

• For the recruitment process: processing of personal data provided in CVs and applications for the purpose of determining suitability for the vacancy, interviews, collecting and review of references,
• For business planning and analytics, including for the marketing purposes,
• For assessing potential cooperation with us and for providing of our services:  identification and regulatory checks, assessment of cooperation applications, conclusion of contracts, fulfilment of contractual obligations, development of new services, marketing and distribution of services, handling of objections and complaints, etc.
• For protection of our property (for instance, our assets, information, computer network etc.) against physical, cyber and other threats and for protection of vital interests of individuals (our employees, visitors, cooperation partners, clients etc.),
• For other purposes where the consent of data subjects will usually be obtained or opt-ot possibility will be offered, such as sending commercial notices,
• For performance of our legal obligations, including the provision of information in the cases and to the extent set out in the legal acts.

6. What is the legal basis for processing?

We may rely on legal basis for processing of your personal data set out in the GDPR and the legal acts of the Republic of Latvia:

• Your consent, for example in case of sending you commercial notices;
• Conclusion or performance of a contract, including pre-contractual evaluation of possible cooperation;
• Compliance with regulatory requirements, e.g. obligations under tax laws, laws on applicable national and international sanctions, etc;
• Protection of vital interests of individuals, for example in cases where their life or health may be affected;
• Protection of our legitimate interests, such as planning, conducting and developing our business, sending commercial notices and other information, customising our services to your needs, preventing fraud, ensuring security (including cyber security), protecting our property, etc.

You have the right to withdraw your consent for the processing of your personal data at any time by sending a written notice to info@51.20.252.200 or our registered office. In this case, no further processing based on the consent previously given for a specific purpose will be carried out, but the withdrawal of consent will not affect the processing of data carried out at the time when the consent was valid and the withdrawal of consent will not interrupt the processing of data carried out on other legal basis.

7. Why do you receive commercial notices from us?

In some cases, we may process your personal data for direct marketing purposes. We may email you:

• information about our news, offers, etc;
• invitations to participate in events organised by us, including sending summaries and conclusions related to these events;
• invitations to participate in various surveys, interviews, etc;
• invitations to fill in feedback forms, etc.

At the same time, please note that we will only process your personal data in the context of direct marketing in two cases:

• where we have received your freely given, specific, informed and unambiguous consent (i.e. you have opted in to receive direct marketing messages and have provided your personal data (for instance, email, name, etc.) – the so-called “opt-in” principle); or
• you are already our customer or cooperation partner and you have not explicitly objected to the processing of your previously provided personal data (for instance, your email, name, etc.) for the purpose of receiving direct marketing messages for similar services offered by us.  In this case we will use your contact details previously obtained from you in the course of our business activities – the so-called “soft opt-in” principle.

Please also note that you may opt-out of receiving direct marketing messages at any time. This can be done in any of the following ways:

• by writing to our email: info@51.20.252.200 (with a note in subject field “To Data Protection Officer“), or
• by writing to our registered office at Skanstes iela 7 k-1, Riga, LV-1013 (with a note on envelope “To Data Protection Officer“)Have you applied for our vacancy?

8. Have you applied for a vacancy?

Please note that we collect CVs (curriculum vitae) and accompanying documents from applicants, we contact the applicant and the referees identified by the applicant, retain CVs for other recruitment purposes – but only with the applicant’s consent, and retain data to respond to claims and to protect our legal interests before the relevant authorities and the courts.

We keep the information provided by you during the recruitment process for 6 months after the end of the recruitment process in order to respond to claims and protect our legal interests before the relevant authorities and the courts. If you have agreed in advance that we may keep the information that you have provided for other vacancies, we will keep the documents for 1 year from the date of their submission.

9. How long will we keep personal data?

We store and process personal data in accordance with our personal data retention policy for as long as at least one of the following criteria applies:

• only for as long as the contract is valid and/or the service is provided;
• the data are necessary for the purpose for which they were collected;
• until your application, complaint, claim has been fully investigated and/or acted upon;
• until we or you can exercise your legitimate interests (for example, by lodging an objection or taking legal action) in accordance with the procedures set out in applicable laws and regulations;
• as long as we are legally bound to retain the data;
• as long as your consent to the processing of your personal data is valid, unless there is another lawful basis for the processing.

Personal data shall be deleted once these circumstances cease to apply.

10. Who can we transfer personal data to?

We do not disclose to third parties any personal data containing information obtained from you, except:

• if you yourself have expressly consented to such disclosure,
• it is necessary for the performance of a contract or obligation, including where we are required to disclose your personal data in order to comply with a legal requirement or to pursue our legitimate interests,
• to the persons stated in applicable legal acts upon their justified request, in the manner and to the extent provided for in the applicable legal acts;
• in the cases provided for in applicable laws and regulations to protect our legitimate interests, for example, by taking legal action in court or before other public authorities against a person who has infringed our legitimate interests.

We never transfer personal data to third parties without proper legal basis and without a pre-defined purpose for the processing of such personal data, and where those third parties, taking into account the nature, extent, context and purposes of the processing, as well as the likelihood and severity of risks to the rights and freedoms of natural persons, are unable to provide, in a transparent manner, adequate technical and organisational measures to ensure and to demonstrate that the processing of personal data is carried out in accordance with the laws and regulations, and/or are unable to provide reasonable assurances that the security of processing of personal data will be ensured and the rights of data subjects will be properly ensured.

Personal data may be transferred for different purposes of personal data processing:

• to our employees or specially authorised persons,
• to local authorities, courts and law enforcement authorities,
• to business partners;
• to personal data processors.

11. Do we transfer data outside the European Union / European Economic Area (EEA)?

In recognition of the risks, which are beyond our control, of transferring personal data outside the EU/EEA or to countries which are not recognised by the European Commission as providing an adequate level of protection, we endeavour not to transfer your personal data outside the EU/EEA. However, it is possible that in certain cases, in particular through the use of certain data processors or service providers, the processing of personal data may be carried out outside the EU/EEA, and in such cases the transfer will be carried out in accordance with Chapter V of the GDPR, for example based on standard data protection clauses adopted by the competent EU organisation or other acceptable solutions, together with additional technical and organisational measures.

12. What are your rights as a data subject?

The GDPR grants you a number of data subject’s rights which you can exercise by contacting us as set out below:

• request access to your personal data and obtain a copy of your personal data,
• ask us to amend, correct or delete your personal data,
• ask us to restrict the processing of your personal data, and object to processing,
• receive your personal data and information in a structured, commonly used and machine-readable format, also called – the right to data portability,
• withdraw your consent to the processing of personal data.

You may submit a request to exercise your rights by sending a written notice to info@51.20.252.200 or to our registered office.

Please note that the above-mentioned rights of the data subject are not absolute, as the GDPR and other applicable laws lay down conditions that must be met in order to exercise these rights.

If we have reasonable doubt about the identity of the person making the request or exercising the right referred to above, we may request additional information necessary to verify the identity.

13. Dispute resolution and claims

We try to resolve all disagreements through respectful communication and negotiations. Therefore, if you believe that our processing of your personal data does not comply with the GDPR or other laws or regulations, please submit a complaint to us at info@51.20.252.200 or at our registered office. We will endeavour to resolve any disagreement as soon as possible. However, you always have the right to contact the supervisory authority, the State Data Inspectorate.

14. Disclaimer

We have the unilateral right to make amendments to this policy and supplement it. The current version of the policy is always posted on the website. We maintain previous versions of the policy and these are also available on our website.

The version of this Privacy policy is effective as of July 3, 2024.