The Personal Data Processing (Privacy) Policy (hereinafter – Policy) of the Ministry of Foreign Affairs establishes procedures to ensure compliance with legal provisions relating to the protection of personal data in the Ministry of Foreign Affairs, its departments, and agencies under the authority of the Ministry of Foreign Affairs (hereinafter – Institution).
The Policy applies to any information at the Institution’s disposal (hereinafter – Personal Data) relating to an identified or identifiable natural person (hereinafter – Data Subject).
Contact details for the Controller of Personal Data
The Data Controller is the Ministry of Foreign Affairs of the Republic of Latvia, reg. No.: 90000069065, K. Valdemāra iela 3, Rīga LV-1395, e-mail: firstname.lastname@example.org
Security and protection of Personal Data
The processing of Personal Data in the Institution is carried out in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter – GDPR), Personal Data Processing Law (hereinafter – PDPL) and other laws and regulations.
Principles relating to processing of data
Lawfulness, fairness and transparency – data are processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
Limitation of purposes – data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimisation – data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Storage limitation – data are kept in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest.
Integrity and confidentiality – data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Obtaining of personal data and purpose of processing
The Institution processes data for the purpose of compliance with regulatory requirements.
The Institution obtains and processes the data for the following purposes:
- a Data Subject’s data for the consideration of a submitted request, complaint, proposal, query or request for information within the competence of the Institution;
- in order to ensure security of information and information systems, and internal security;
- drafting and conclusion of contracts, their administration;
- administration of payments;
- personnel selection (personal data are collected in accordance with the State Civil Service Law and the Labour Law);
- establishing and maintaining employment relationship;
- provision of consular assistance and consular services;
- raising awareness of the relevant sector-specific policy;
- publicity of events organised by the Ministry;
- strategic goods control;
- issuing quota authorisations for timber exports;
- representation of national interests before various public authorities and organisations, incl. International organisations, European Union institutions, the European Court of Human Rights (ECHR) and the United Nations (UN) in the process of handling individual complaints.
- accreditation and registration of members of foreign media;
- compiling review reports to be disseminated among public employees in Latvia, its partner countries and the U.S. disclosing, evaluating and tacking action against harmful disinformation;
- fulfilment of functions of the Foreign Ministry in the capacity of the coordinating institution on sanction matters as laid down in the Law on International Sanctions and National Sanctions of the Republic of Latvia;
- organizing and leading official and working visits to Latvia and abroad;
- accreditation of foreign ambassadors extraordinary and plenipotentiary, staff of foreign diplomatic missions and consular posts, international organisations and representations thereof, their family members and private domestic staff as well as non-resident diplomats and their family members and dealing with other matters related to these persons;
- maintenance and improving the functioning of the Ministry website;
- other purposes which the Data Subject is informed in accordance with and to the extent laid down in legislation.
Categories and types of Personal Data
The Institution may have the following types of Personal Data available:
- general information for identification (full name, personal ID number, gender, date of birth, age, passport data, position held, name of institution);
- general contact information (telephone number, declared address, address for correspondence, e-mail address);
- data related to performance of consular functions in accordance with laws and regulations, including special categories of personal:
- biometric data (a photograph, finger prints, height, etc.);
- medical data;
- criminal record;
- data concerning religious affiliation;
- data related to foreign ambassadors extraordinary and plenipotentiary, staff of foreign diplomatic missions and consular posts, international organisations and representations thereof, their family members and private domestic staff as well as non-resident diplomats and their family members;
- data related to the organisation and holding of official and working visit to Latvia and abroad;
- data for a transaction (contract) – number, date, name, type of the transaction;
- payment data (account number, invoice number and date, amount, payment date);
- Personal Data of special categories which have been published in social media and obtained via social media monitoring;
- photographs, video and audio recordings made at the Foreign Ministry and at public event outside the Ministry premises;
- professional (employment) data (information on education, work experience, current employment, positions held, Professional activity, certificates etc.);
- communication-related data (type of incoming/outgoing communication, number, date, information contained in the correspondence);
- court records data (number of case, type, data for defendant/plaintiff/applicant);
- data of a video recording and image – a person’s image (appearance, behaviour), place of making a recording of a person’s image (date, time);
- vehicle registration data (registration number plate, make);
In processing of Personal Data, the Institution observes the appropriate security requirements and ensures data confidentiality in compliance with legal provisions. The Institution takes care of security of personal data at its disposal through appropriate technical and organisational measures to ensure a security level proportionate to the risk.
Legal basis of processing Personal Data
Prior to processing of Personal Data, the Institution assesses the lawfulness of the data processing operations. The Institution processes Personal Data mainly on the grounds Article 6, paragraph 1, point (c) of the Regulation: processing is necessary for compliance with a legal obligation to which the Institution is subject; or point (e) – for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Institution.
In addition, the Institution may process Personal Data on the grounds of other provisions of Article 6 of the Regulation: for the performance of a contract to which the Data Subject is party or in order to take steps prior to entering into a contract; as well as, having determined the purposes in advance, for the legitimate interests pursued by the Institution or by a third party.
Personal data may be transferred to state and local government institutions, legal or authorized representatives of the Data Subject, candidate evaluation commissions, persons to whom state and local government tasks have been delegated, law enforcement and supervisory authorities, cooperation partners/contractors (e.g. independent auditors, auditors, data processors), the Ministry of Foreign Affairs or the diplomatic mission or consular post of a Member State, media and other persons in order to carry out the functions, tasks and rights of the Authority in accordance with the regulatory enactments in force. In certain cases, personal data may be transferred to third countries and international organisations in order to fulfil obligations under international agreements, subject to the requirements of regulatory enactments, the terms of the employment contract or the consent of Data Subjects.
Sources of obtaining data other than the Data Subject
Publicly available sources (e.g. the Land Register, Lursoft, the SRS database), the Population Register and other information systems, the video surveillance system, state and local government institutions, if required by external regulatory enactments and only in cases provided for in the regulatory enactments, and according to the scope and procedures set forth therein.
Storage of Personal Data
Personal Data are stored in conformity with procedures laid down in laws and regulations, in compliance with security measures for data protection and to the extent necessary for the purposes of data processing. According the Institution’s record keeping system, personal data may have different storage time depending on the document containing personal data, and shall be stored accordingly. The staff of the Institution shall observe strict terms of confidentiality.
Data Subject’s rights concerning the processing of Personal Data by the Institution
The Data Subject has the following rights:
- request and receive information from the Institution related to the processing of Personal Data;
- request rectification, erasure or restriction of processing of their data. These rights apply unless data processing stems from the Institution’s functions, tasks and rights as laid down in current laws and regulations;
- if filming, taking photos or voice recording takes place on the Institution’s premises or at events organised outside them, the Data Subject has the right to object to the publication of photographs, video or voice recordings in mass media. This rights apply unless data processing stems from the Institution’s functions, tasks and rights as laid down in current laws and regulations;
- If you consider that the Institution, by processing your personal data, has violated your rights under the current laws and regulations, you have the right to lodge a relevant complaint with the Data State Inspectorate:
Data State Inspectorate
Elijas street 17
Rīga, LV 1050
Telephone: +371 67223131
Fax: +371 67223556
Submission of a request by the Data Subject
To receive information related to the processing of personal data from the Institution, an application shall be submitted in accordance with procedures laid down in rules and regulations:
- an electronic request for information signed with a secure electronic signature;
- by authorisation via the www.Latvija.lv portal;
- by a letter bearing a personal signature and mailed to the Institution;
- upon a prior consent of the Data Protection Officer, the Data Subject may submit a written request for information in person, by filling out a request for the issuance of the copies of data and presenting an identity document at the Ministry of Foreign Affairs, K. Valdemāra iela 3, Rīga.
The Institution, protecting the rights of Data Subjects, has the right to request additional information that allows clear and unambiguous identification of the applicant.
A request for information from the Data Subject is examined by the Institution within one month from the date of receipt of the request in accordance with procedures set out in the GDPR and the PDPL. If needed, the time for examining an application may be extended by two months in view of the complexity of requests and their number.
The Institution, having examined the request, performs one of the following actions:
- issues the requested information to the Data Subject;
- provides reasons for refusal to provide information in writing;
- informs the Data Subject about the actions taken (supplementing, correcting, deleting of data) concerning the request expressed in the application.
Please send your requests for information electronically to the Data Protection Officer at the Ministry of Foreign Affairs by e-mail: email@example.com
Address your written requests for information to the Ministry of Foreign Affairs, K. Valdemāra iela 3, Rīga LV-1395.
Contact details for the Data Protection Officer
For further information about the processing of Personal Data at the Institution, please contact the Data Protection Officer:
Sandra Romberga, +371 67019519