In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – Regulation), please be informed about the processing of personal data in the Ministry of Foreign Affairs of the Republic of Latvia as well as in the diplomatic and consular representations of the Republic of Latvia abroad

Controller

The Ministry of the Foreign Affairs of Latvia
Reg. No: 90000069065
K. Valdemāra iela 3, Rīga LV-1395
E-mail
: mfa.cha@mfa.gov.lv

Hereinafter – Controller.

Contact details of the Data Protection Officer

Correspondence to be addressed to the Data Protection Officer at K. Valdemāra iela 3, Rīga, LV-1395.
E-mail: datu.aizsardziba@mfa.gov.lv

Purpose of the processing of data

Under the privacy policy, the performance of functions laid down in the Ministry’s by-laws implies not only but also the following functions:

  • provision of consular assistance and consular services;
  • control of strategic goods;
  • issuing quota permits for timber imports;
  • the management of sanctions issues by the Ministry as the coordinating authority specified in the Law on International Sanctions and National Sanctions of the Republic of Latvia;
  • organising and conducting official and working visits to Latvia and abroad;
  • accreditation of foreign ambassadors extraordinary and plenipotentiary, employees of foreign diplomatic and consular missions, international organisations and representations thereof, and their family members and private domestic staff, as well as non-resident diplomats and their family members, and dealing with other matters related to such persons.

Personal data that we process

The Controller may use the information contained in your application in order to ensure the performance of the Controller’s functions. Your applications may contain your name, surname, identification number, address and contact details, information on the companies you represent, permits or certificates granted to your company, as well as information on your identity document data, marital status, income level, employer, information on permits you have been granted, for instance, visas and other travel documents.

A specific amount of personal data may vary depending on the service you wish to receive from the Controller or what process the Controller has begun on their own initiative in order to perform the functions specified in laws and regulations.

In individual cases, the Controller may collect additional information using the accessible databases to ascertain whether there are no hindrances for the specific data subject to receiving the service requested or services they are entitled to (e.g., to enter Latvia or other Schengen Area member states). In view of the purpose of the processing of personal data when performing a function of the Ministry laid down in legislation, the amount of the personal data processed may vary depending on the amount needed to fully prepare a response letter to the request.

Legal basis for the processing of data

To ensure the performance of functions laid down in legislation, the Controller carries out the processing on the basis of point (e) of Article 6 (1) of the Regulation, that is, in the public interest, and of point (f), or for the legitimate interests pursued by the Controller.

In cases where complaints or claims are received regarding the conduct of the Controller, the Controller has a legitimate interest in providing evidence regarding the conformity of their actions with law. Where the legal interests of the Controller are or are likely to be prejudiced, the Controller may use all the information at their disposal to protect their interests or to reduce the risks of being put in a position to prejudice their legal interests.

Who will receive your personal data

The processing of your personal data will be performed by duly authorised employees of the Controller in accordance with the scope of duties specified in their job description, observing the requirements set out in laws and regulations governing personal data protection and other fields, as well as the requirements for the processing of personal data specified in the internal regulations of the Controller.

Personal data may be handed over to:

  • the external service providers to the Controller (processors), who may be authorised to carry out certain data processing operations, acting on behalf and monitored by the Controller, e.g., experts engaged to perform some functions;
  • law enforcement and control authorities;
  • legal service providers, courts. 

Personal data are not intended for transfer to recipients outside the European Union and the European Economic Area countries, unless the need to do that clearly arises from the process of data processing in relation to the person in question.  

How long your personal data are stored

Information on the processing of personal data related to ensuring the state protocol, is stored for no longer than ten years. Your requests related to the exercise of the Controller’s functions are stored for no longer that five years. To ensure the protection of the Controller’s legitimate interests, the Controller may keep the obtained information for at least ten years and determine other storage period, if provided so in external law.

In separate cases, information on the data processing period may be included in forms or draft applications as you apply for and request a respective service. In order to specify the duration of data processing in your individual case, please contact the Controller or the Controller’s Data Protection Officer. 

In order to ensure the provision of information regarding matters within the competence of the Ministry, the Ministry maintains a list of accredited media representatives, publishes information regarding events and updates on matters within its competence, as well as maintaining the website and social network accounts of the Ministry.

Personal data being processed

For the purpose of publicity, the Controller may publish information on events or other current activities, which may in certain cases include personal data such as the given name and surname, a photo, an opinion given by the person, their behaviour reflected in a video or a photo, as well as information on the time, location and other circumstances of the events.

To ensure the accreditation of members of the mass media, the Controller will additionally process information indicated in the Cabinet Regulation No. 870 of 24 October 2006, Procedure for the Accreditation of Mass Media Journalists and Other Representatives at the Accreditation Authority.

Legal basis for the processing of data

To ensure the achievement of the publicity purpose, the Controller’s conduct is based on their and other Controllers’ legitimate interests, that is, on the point (f) of Article 6 (1) of the Regulation. Besides, given that the publication of news updates on the Ministry’s activities ensures, among other things, the right of the public to receive information on the work of public administration, the Controller’s conduct is also based on point (e) of Article 6 (1) of the Regulation.

While carrying out the accreditation of foreign journalists, the Controller’s conduct is based on the Law On the Press and Other Mass Media and the Cabinet Regulation No. 870 of 24 October 2006, Procedure for the Accreditation of Mass Media Journalists and Other Representatives at the Accreditation Authority.

Who will receive your personal data

The processing of your personal data will be performed by duly authorised employees of the Controller in accordance with the scope specified in their work duties, observing the requirements specified in laws and regulations governing personal data protection and other fields, as well as the requirements for the processing of personal data specified in the internal regulations of the Controller.

Personal data may be handed over to:

  • the external service providers to the Controller (processors), who may be authorised to carry out certain data processing operations, acting on behalf and monitored by the Controller;
  • law enforcement and control authorities;
  • legal service providers, courts. 

Personal data are not intended for transfer to recipients outside the European Union and the European Economic Area countries, unless the need to do that clearly arises from the process of data processing in relation to the person in question.

How long your personal data are stored

Information concerning the processing of personal data related to the exercise of functions under the Cabinet Regulation No. 870 of 24 October 2006, Procedure for the Accreditation of Mass Media Journalists and Other Representatives at the Accreditation Authority, will be stored for five years following the last entry.

For its part, information reflecting an event organised by the Controller may be processed independently by the Controller, considering that certain events may also have historic and national significance. Information posted on social networks or on the Controller’s website may be stored as long as the post is up-to-date and relevant to the public.

In the exercise of its functions, the Controller organises various tenders or project competitions, as part of which it is necessary to process the personal data of experts on whom the cooperation partner relies on in their economic activity.

Personal data being processed

In order to achieve the specified purpose of personal data processing, the Controller will process the persons’ names, personal identity numbers, information on their experience and their CV, if the need for that arises from the specific tender or project competition. Where the said person is involved in the implementation of a contract signed, the Controller will process information on the aspects of the fulfilment of the contract, including the engagement of the expert, information on their health condition, bank details, if necessary (e.g., regarding a civilian expert in international civilian missions).

A detailed scope of personal data that must be processed for the purpose of the fulfilment of contractual obligations and control is set out in the specific tender regulation or the contract signed with a cooperation partner.

Legal basis for the processing of data

In order to ensure control over the conclusion and enforcement of economic contracts, the Controller’s conduct is based on their and other Controllers’ legitimate interests, namely, on point (f) of Article 6 (1) of the Regulation, that is, to provide the Controller with the necessary services and keeping records of the provision thereof within the limits of the allocated funds. To ensure the compliance of accounting practices with the provisions of the law, the Controller’s conduct is also based on point (c) of Article 6 (1) of the Regulation and respectively on Accounting Law.

Who will receive your personal data

The processing of your personal data will be performed by duly authorised employees of the Controller in accordance with the scope specified in their work duties, observing the requirements specified in laws and regulations governing personal data protection and other fields, as well as the requirements for the processing of personal data specified in the internal regulations of the Controller.

Personal data may be handed over to:

  • the external service providers to the Controller (processors), who may be authorised to carry out certain data processing operations, acting on behalf and monitored by the Controller;
  • law enforcement and control authorities;
  • legal service providers, courts. 

Personal data are not intended for transfer to recipients outside the European Union and the European Economic Area countries, unless the need to do so clearly arises from the process of data processing in relation to the person in question.

How long your personal data are stored

Information regarding the processing of personal data related to the participation of experts in the performance of contractual obligations is stored for at least five years, in accordance with the laws and regulations governing accounting.

Your rights as a data subject

  • Right of access.
    You have the right to access your personal data and to obtain from the Controller any information on the processing of your personal data. You can request the Controller to provide you with information on the processing of your personal data if you think that information given under the present Privacy Policy is not comprehensive enough.
  • Right to rectification.
    If you have noticed inaccuracies in your personal data, you have the right, by sending a respective request, to obtain from the Controller the rectification of inaccurate data concerning you.
  • Right to erasure (‘right to be forgotten’).
    You have the right to obtain from the controller the erasure of your personal data in the following cases:
    • if the personal data are no longer necessary in relation to the purposes set out in the Privacy Policy for which they were processed;
    • the personal data have been unlawfully processed;
    • the personal data have to be erased for compliance with a legal obligation.

      In certain cases, we will not be able to grant your request to erase your personal data. This concerns cases where the Controller is subject to a legal obligation to process your personal data. Likewise, erasure of data is impossible if the processing of personal data is necessary for the establishment, exercise or defence of legal claims. In the said cases, your right to request the erasure of your personal will be limited.
  • Right to restriction of processing.
    You have the right to obtain from the Controller restriction of processing if:
    • you are contesting the lawfulness or accuracy of the processing of the data;
    • you believe that the processing is unlawful, but you oppose the erasure of those personal data;
    • your data are no longer needed for definite purposes but you need them for the defence of your legal interests and rights.

General provisions

The Controller can make changes to this privacy policy. The Controller will inform you about any changes by posting the relevant information on its website. If the changes in question directly affect the processing of your personal data, the Controller may send the relevant information to your e-mail address.

The present policy was last updated on 28 December 2023.