The Personal Data Protection Regulations (hereinafter – Regulations) of the Ministry of Foreign Affairs establish procedures to ensure compliance with legal provisions relating to the protection of personal data in the Ministry of Foreign Affairs, its departments, and agencies under the authority of the Foreign Minister (hereinafter – Institution).
These Regulations apply to any information at the Institution’s disposal (hereinafter – Personal Data) relating to an identified or identifiable natural person (hereinafter – Data Subject).
Contact details for the Controller of Personal Data
The data controller is the Ministry of Foreign Affairs of the Republic of Latvia, reg. No.: 90000069065, K. Valdemāra iela 3, Rīga LV-1395.
Security and protection of Personal Data
The processing of Personal Data in the Institution is carried out in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter – GDPR), Personal Data Processing Law (hereinafter – PDPL) and other laws and regulations.
Principles relating to processing of data
Lawfulness, fairness and transparency – data are processed lawfully, fairly and in a transparent manner in relation to the data subject.
Limitation of purposes – data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Minimising the processing of data – data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Storage limitation – data are kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest.
Integrity and confidentiality – data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Purpose of obtaining and processing Personal Data
The Institution processes data for the purpose of compliance with regulatory requirements. The Institution obtains and processes the data of the following persons:
1) A data subject’s data for the consideration of a submitted request, complaint, proposal, query or request for information within the competence of the Institution;
2) data for visitors to the Ministry premises – in order to ensure internal security, people may visit the Ministry building only upon presenting a access pass which was requested in advance; and for that, a person’s full name, personal identity number, position, and the name of the respective institution are needed;
3) data for visitors to diplomatic missions and consular posts abroad – a person’s given name, surname, personal identity number, position and the name of the respective institution are obtained to ensure internal security;
4) contractor’s data;
5) data for persons participating in staff selection – personal data are collected in accordance with the State Civil Service Law and the Labour Law;
6) data for the recipients of consular assistance and consular services;
7) Personal Data collected for the purposes of organising lectures and seminars;
8) Personal Data related to the representation of Latvia’s interests before the European Court of Human Rights (ECHR) and the United Nations (hereinafter – UN) in the process of handling individual complaints. Pursuant to Cabinet Regulation No. 121 of 7 March 2017, “Procedures for representation before international human rights bodies”, the Representative of Latvia to International Human Rights Organisations has the right to request data managers and public authorities to provide information needed for effective representation before the ECHR or the UN in the examination of individual complaints;
9) data obtained through monitoring public information in the media and social media, including through use of social media monitoring tools/social listening tools. Such data can be used in an aggregated form to compile insight reports (reviews) that could be disseminated among public employees in Latvia, its partner countries in Europe, and in the United States. The reports are anonymised and do not include personal data obtained via media monitoring. The aim is to ensure an evidence-based and coordinated approach to find, assess, and address potentially harmful disinformation.
Categories and types of Personal Data
The Institution may have the following types of Personal Data available:
1) general information for identification (full name, personal ID number, gender, date of birth, age, passport data);
2) general contact information (telephone number, declared address, mailing address, e-mail address);
3) special categories of personal data related to consular services and the provision of consular assistance in accordance with laws and regulations:
3.1. biometric data (a photograph, finger prints, height, etc.);
3.2. medical data;
3.3. criminal record;
3.4. data concerning religious affiliation;
4) a special category of Personal Data which has been published in social media and obtained via social media monitoring.
In processing of Personal Data, the Institution observes the appropriate security requirements and ensures data confidentiality in compliance with legal requirements. The Institution takes care of security of personal data at its disposal through appropriate technical and organisational measures to ensure a security level proportionate to the risk.
Legal basis of processing Personal Data
Prior to processing of Personal Data, the Institution assesses the lawfulness of the data processing operations. The Institution processes Personal Data mainly on the grounds of an official mandate and legal obligations to which the Institution is subject.
In addition, the Institution may process Personal Data on the grounds of consent from the Data Subject, for instance, in his/her submission.
Storage of Personal Data
Personal Data are stored in conformity with procedures laid down in laws and regulations, in compliance with security measures for data protection and to the extent necessary for the purposes of data processing. The staff of the Institution observe strict terms of confidentiality.
The Data Subject’s rights concerning Personal Data processing performed by the Institution
The Data Subject has the right to receive information from the Institution related to the processing of Personal Data by submitting a submission in accordance with procedures laid down in laws and regulations:
1) an electronic request for information must be signed with a secure electronic signature;
2) by authorisation via the www.Latvija.lv portal;
3) by a letter mailed to the Ministry of Foreign Affairs and bearing a personal signature;
4) upon a prior consent of the Data Protection Officer, the Data Subject may submit a written request for information in person, by filling out a request for the issuance of copies of the information and presenting an identity document at the Ministry of Foreign Affairs, K. Valdemāra iela 3, Rīga
The Ministry of Foreign Affairs, protecting the rights of Data Subjects, has the right to request additional information that allows clear and unambiguous identification of the applicant.
A request for information from the Data Subject is examined by the Institution within one month from the date of receipt of the request in accordance with procedures set out in the GDPR and the PDPL. If needed, the time for examining an application may be extended by two months in view of the complexity of requests and their number.
The Institution, having examined the request, carries out one of the following actions:
1) issues the requested information to the Data Subject;
2) provides reasons for refusal to provide information in writing;
3) informs the Data Subject about the actions taken (supplementing, correcting, deleting of data) concerning the request expressed in the application.
Address your written requests for information to the Ministry of Foreign Affairs, K. Valdemāra iela 3, Rīga LV-1395.
Contact details for the Data Protection Officer
For further information about the processing of Personal Data at the Institution, please contact the Data Protection Officer:
The right of the Data Subject to submit a complaint about data processing at the Institution
If the Data Subject considers that the Institution, when processing Personal Data, has violated his/her rights in accordance with applicable and existing laws, the Data Subject has the right to file a complaint with the Data State Inspectorate concerning the processing of his/her Personal Data:
Data State Inspectorate
Blaumaņa iela 11/13-11
Telephone: 67 22 31 31
Fax: 67 22 35 56
The Institution has the right to amend and supplement the Regulations. The updated data protection regulations will be published on the Foreign Ministry website https://www.mfa.gov.lv/ in the Data Protection section.