General Privacy Policy of the Ministry of Foreign Affairs

Under the privacy policy, the performance of functions laid down in the Ministry’s by-laws implies not only but also the following functions:

• provision of consular assistance and consular services;
• control of strategic goods;
• issuing quota permits for timber imports;
• the management of sanctions issues by the Ministry as the coordinating authority specified in the Law on International Sanctions and National Sanctions of the Republic of Latvia;
• organising and conducting official and working visits to Latvia and abroad;
• accreditation of foreign ambassadors extraordinary and plenipotentiary, employees of foreign diplomatic and consular missions, international organisations and representations thereof, and their family members and private domestic staff, as well as non-resident diplomats and their family members, and dealing with other matters related to such persons.

Personal data that we process

The Controller may use the information contained in your application in order to ensure the performance of the Controller’s functions. Your applications may contain your name, surname, identification number, address and contact details, information on the companies you represent, permits or certificates granted to your company, as well as information on your identity document data, marital status, income level, employer, information on permits you have been granted, for instance, visas and other travel documents.

A specific amount of personal data may vary depending on the service you wish to receive from the Controller or what process the Controller has begun on their own initiative in order to perform the functions specified in laws and regulations.

In individual cases, the Controller may collect additional information using the accessible databases to ascertain whether there are no hindrances for the specific data subject to receiving the service requested or services they are entitled to (e.g., to enter Latvia or other Schengen Area member states). In view of the purpose of the processing of personal data when performing a function of the Ministry laid down in legislation, the amount of the personal data processed may vary depending on the amount needed to fully prepare a response letter to the request.

Legal basis for the processing of data

To ensure the performance of functions laid down in legislation, the Controller carries out the processing on the basis of point (e) of Article 6 (1) of the Regulation, that is, in the public interest, and of point (f), or for the legitimate interests pursued by the Controller.

In cases where complaints or claims are received regarding the conduct of the Controller, the Controller has a legitimate interest in providing evidence regarding the conformity of their actions with law. Where the legal interests of the Controller are or are likely to be prejudiced, the Controller may use all the information at their disposal to protect their interests or to reduce the risks of being put in a position to prejudice their legal interests.

Who will receive your personal data

The processing of your personal data will be performed by duly authorised employees of the Controller in accordance with the scope of duties specified in their job description, observing the requirements set out in laws and regulations governing personal data protection and other fields, as well as the requirements for the processing of personal data specified in the internal regulations of the Controller.

Personal data may be handed over to:

• the external service providers to the Controller (processors), who may be authorised to carry out certain data processing operations, acting on behalf and monitored by the Controller, e.g., experts engaged to perform some functions;
• law enforcement and control authorities;
• legal service providers, courts. 

Personal data are not intended for transfer to recipients outside the European Union and the European Economic Area countries, unless the need to do that clearly arises from the process of data processing in relation to the person in question.  

How long your personal data are stored

Information on the processing of personal data related to ensuring the state protocol, is stored for no longer than ten years. Your requests related to the exercise of the Controller’s functions are stored for no longer that five years. To ensure the protection of the Controller’s legitimate interests, the Controller may keep the obtained information for at least ten years and determine other storage period, if provided so in external law.

In separate cases, information on the data processing period may be included in forms or draft applications as you apply for and request a respective service. In order to specify the duration of data processing in your individual case, please contact the Controller or the Controller’s Data Protection Officer. 

In order to ensure the provision of information regarding matters within the competence of the Ministry, the Ministry maintains a list of accredited media representatives, publishes information regarding events and updates on matters within its competence, as well as maintaining the website and social network accounts of the Ministry.

Personal data being processed

For the purpose of publicity, the Controller may publish information on events or other current activities, which may in certain cases include personal data such as the given name and surname, a photo, an opinion given by the person, their behaviour reflected in a video or a photo, as well as information on the time, location and other circumstances of the events.

To ensure the accreditation of members of the mass media, the Controller will additionally process information indicated in the Cabinet Regulation No. 870 of 24 October 2006, Procedure for the Accreditation of Mass Media Journalists and Other Representatives at the Accreditation Authority.

Legal basis for the processing of data

To ensure the achievement of the publicity purpose, the Controller’s conduct is based on their and other Controllers’ legitimate interests, that is, on the point (f) of Article 6 (1) of the Regulation. Besides, given that the publication of news updates on the Ministry’s activities ensures, among other things, the right of the public to receive information on the work of public administration, the Controller’s conduct is also based on point (e) of Article 6 (1) of the Regulation.

While carrying out the accreditation of foreign journalists, the Controller’s conduct is based on the Law On the Press and Other Mass Media and the Cabinet Regulation No. 870 of 24 October 2006, Procedure for the Accreditation of Mass Media Journalists and Other Representatives at the Accreditation Authority.

Who will receive your personal data

The processing of your personal data will be performed by duly authorised employees of the Controller in accordance with the scope specified in their work duties, observing the requirements specified in laws and regulations governing personal data protection and other fields, as well as the requirements for the processing of personal data specified in the internal regulations of the Controller.

Personal data may be handed over to:

• the external service providers to the Controller (processors), who may be authorised to carry out certain data processing operations, acting on behalf and monitored by the Controller;
• law enforcement and control authorities;
• legal service providers, courts. 

Personal data are not intended for transfer to recipients outside the European Union and the European Economic Area countries, unless the need to do that clearly arises from the process of data processing in relation to the person in question.

How long your personal data are stored

Information concerning the processing of personal data related to the exercise of functions under the Cabinet Regulation No. 870 of 24 October 2006, Procedure for the Accreditation of Mass Media Journalists and Other Representatives at the Accreditation Authority, will be stored for five years following the last entry.

For its part, information reflecting an event organised by the Controller may be processed independently by the Controller, considering that certain events may also have historic and national significance. Information posted on social networks or on the Controller’s website may be stored as long as the post is up-to-date and relevant to the public.

In the exercise of its functions, the Controller organises various tenders or project competitions, as part of which it is necessary to process the personal data of experts on whom the cooperation partner relies on in their economic activity.

Personal data being processed

In order to achieve the specified purpose of personal data processing, the Controller will process the persons’ names, personal identity numbers, information on their experience and their CV, if the need for that arises from the specific tender or project competition. Where the said person is involved in the implementation of a contract signed, the Controller will process information on the aspects of the fulfilment of the contract, including the engagement of the expert, information on their health condition, bank details, if necessary (e.g., regarding a civilian expert in international civilian missions).

A detailed scope of personal data that must be processed for the purpose of the fulfilment of contractual obligations and control is set out in the specific tender regulation or the contract signed with a cooperation partner.

Legal basis for the processing of data

In order to ensure control over the conclusion and enforcement of economic contracts, the Controller’s conduct is based on their and other Controllers’ legitimate interests, namely, on point (f) of Article 6 (1) of the Regulation, that is, to provide the Controller with the necessary services and keeping records of the provision thereof within the limits of the allocated funds. To ensure the compliance of accounting practices with the provisions of the law, the Controller’s conduct is also based on point (c) of Article 6 (1) of the Regulation and respectively on Accounting Law.

Who will receive your personal data

The processing of your personal data will be performed by duly authorised employees of the Controller in accordance with the scope specified in their work duties, observing the requirements specified in laws and regulations governing personal data protection and other fields, as well as the requirements for the processing of personal data specified in the internal regulations of the Controller.

Personal data may be handed over to:

• the external service providers to the Controller (processors), who may be authorised to carry out certain data processing operations, acting on behalf and monitored by the Controller;
• law enforcement and control authorities;
• legal service providers, courts. 

Personal data are not intended for transfer to recipients outside the European Union and the European Economic Area countries, unless the need to do so clearly arises from the process of data processing in relation to the person in question.

How long your personal data are stored

Information regarding the processing of personal data related to the participation of experts in the performance of contractual obligations is stored for at least five years, in accordance with the laws and regulations governing accounting.