Privacy Policy

1. General Provisions

1.1. The purpose of this Privacy Policy is to provide natural persons (hereinafter – Data Subjects) with information about the purpose for which SJSC Riga International Airport acquires personal data, data volumes and data processing terms, data protection, as well as to inform Data Subjects about their rights and obligations.

1.2. When processing personal data, the Airport complies with the applicable laws and regulations of the Republic of Latvia, as well as with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) (hereinafter – the Regulation) and other applicable privacy and data protection laws.

1.3. The Airport’s Privacy Policy applies to any Data Subject other than Airport employees, whose personal data are processed by the Airport; it applies to data processing regardless of the form in which Data Subjects have provided their personal data: on the Airport’s website, in paper form or by telephone.

1.4. The Airport’s Privacy Policy does not apply to data processing activities of other merchants when providing their services using the Airport infrastructure (for example, Airport lessees, shops, catering facilities, ground handling service providers, car rental, transport service and other service providers). In such cases, please get acquainted with the purposes of the processing of personal data provided by the respective merchant and the legal basis for data processing.

2. Controller and Contact Information

2.1. Controller of personal data: SJSC Riga International Airport, single registration number: 40003028055, registered address Mārupes novads, Lidosta Rīga”, LidostaRīga” 10/1”, LV-1053, telephone +37167207135, e-mail: [email protected],

2.2. Should you have any questions or uncertainties regarding this Privacy Policy or the processing of personal data, please send your application by email: [email protected]or submit it in person at the Airport’s legal address.

3. Purpose of Personal Data Processing

3.1. The Airport processes personal data for the following purposes:

3.1.1. To provide civil aviation security.

3.1.2. For commercial activities and provision of services, including, but not limited to the following:

  • To ensure the identification of Data Subjects;
  • For concluding and executing service agreements;
  • For drawing up service financial documents;
  • For advertising and distributing services;
  • For considering and processing applications filed by Data Subjects;
  • For Data Subject surveys and market research;
  • For issuing vehicle and visitor passes;
  • For the implementation of the Airport staff recruitment process;
  • In events organized by the Airport, on the Airport’s websites and social networks.

3.1.3. To protect the Airport’s legitimate interests and to fulfil its contractual obligations;

3.1.4. To provide information to state administration institutions and operative entities in the cases and to the extent specified in the applicable external laws and regulations.

4. Legal Basis for Personal Data Processing

4.1. The Airport processes personal data of Data Subjects, based on the following legal grounds:

  • For the conclusion and execution of contracts with Data Subjects, including to conclude contracts upon applications filed by Data Subjects and to ensure their execution;
  • For the fulfilment of laws and regulations – in order for the Airport to fulfil its obligations specified in the binding external normative acts;
  • For the performance of administrative acts and the obligations imposed;
  • For international documents binding on the Airport;
  • For exercising Airport’s legally mandated official authority;
  • In accordance with the legitimate interests of the Airport or third parties;
  • In individual cases, subject to the consent of Data Subjects.

4.2. The Airport has the following legal (legitimate) interests:

  • To carry out commercial activities;
  • To verify the identity of Data Subjects before the conclusion of service agreements;
  • To ensure fulfilment of the obligations under service agreements;
  • To store Data Subject applications and submissions for the provision of services, other applications and submissions, notes on them, including those made orally, by calling the call centre and through the website;
  • To prevent criminal offences;
  • To protect the lawful interests of the Airport in court, in other state institutions, as well as in receiving legal aid;
  • To advertise its services by sending commercial communications;
  • To implement corporate social responsibility and public investment policy;
  • To promote the company and carry out marketing activities;
  • To enhance the company’s corporate culture;
  • To create and store testimonies about the company’s history and development.

5. Processing, Protection and Storage of Personal Data

5.1. The Airport processes the data of Data Subjects using the options of today’s technologies, taking into account the privacy risks and the reasonably available organizational, financial and technical resources.

5.2. The Airport shall scrutinize all service providers who process the Data Subject’s personal data on behalf of the Airport and assess whether the cooperation partners (processors) apply appropriate security measures to protect the Data Subject’s personal data from unauthorized access, accidental loss, disclosure or destruction.

5.3. To ensure the protection of Data Subject interests, the Airport is continuously improving its internal processes and activities. For example, the processes for the protection of staff, IT infrastructure, technical resources, and Airport facilities. All these measures provide an appropriate level of protection of information that prevents unauthorized access to Data Subject personal data.

5.4. Personal data are kept only for as long as necessary to achieve the purposes of this Privacy Policy, unless a longer storage period is specified or permitted by the applicable law. The following criteria are used to determine the storage period:

  • While the contract entered into with the Data Subject is in force;
  • While contracts for the provision of air services are in place with third parties;
  • While the Airport or Data Subjects can exercise their legitimate interests in accordance with the procedure provided for in the external laws and regulations (for example, examination of claims, protection of rights, solving issues, taking legal action or observing limitation period, etc.);
  • While any of the parties has a legal obligation to store the data;
  • While the Data Subject’s consent for the processing of personal data is in force, unless there is another legal basis for data processing.

Once the criteria referred to in this Paragraph are not applicable, the personal data of Data Subjects are deleted, destroyed or transferred to the State Archives in accordance with the requirements of the applicable laws and regulations.

5.5. When processing personal data, the Airport ensures compliance with the mandatory technical and organizational requirements for the protection of personal data.

5.6. The Airport shall not be liable for incorrect, incomplete or erroneously submitted data by the Data Subject. The Data Subject is responsible for the veracity of the information provided.

6. Personal Data Access Categories

6.1. The Airport shall not disclose to third parties personal data of Data Subjects or information obtained during the term of the Contract, except:

  • If the data are to be handed over to the third party concerned within the framework of a contract in order to perform the particular contract (for example, to register a Data Subject for a specific air service and to issue the documents required for air travel, or to make a car park booking, for a deferred purchase, for the use of the VIP Terminal, Fast Track service, RIX Club, Shop&Collect services, etc.) or to perform law-mandated functions (State Police, State Border Guard, etc.);
  • In accordance with clear and unambiguous consent of the Data Subject concerned;
  • In the cases provided for in the binding external laws and regulations of the Republic of Latvia and international documents, in accordance with the procedure and scope specified therein;
  • In the cases prescribed by external laws and regulations for the protection of the Airport’s legitimate interests;
  • If the data are to be transferred to the third party concerned to comply with the legitimate interests of the Airport or third parties.

6.2. The Airport shall not transfer personal data of Data Subjects to third countries (i.e. countries that do not belong to the European Union or the European Economic Area), except:

  • In the cases stipulated the normative acts and internal documents binding on the Airport concerning civil aviation security, aviation accidents, threats or incidents;
  • The data of third-party national partners are to be transmitted in the framework of a signed contract to execute the particular contract (for example, to register a Data Subject for a specific air service and to issue the documents required for air travel).

7. Rights and Obligations of Personal Data Subjects

7.1. Data Subject consent for the processing of their personal data (the legal basis of which is such a consent), if required, may be provided on the Airport’s website or on site at the Airport’s registered address. In all other cases, when the Airport exercises its legal rights in ensuring civil aviation security in the cases specified in external laws and regulations, Data Subject consent for the processing of their personal data is not required.

7.2. Data Subjects have the right to withdraw (at any time) the consent given for the data processing in the same manner as it was given, that is, on the website or at the Airport’s registered address. In such case, further processing of the data based on the above consent for the specific purpose will not be carried out.

7.3. Withdrawal of the consent does not affect the data processing performed at the time when the Data Subject consent was valid.

7.4. With the withdrawal of the consent, such data processing cannot be terminated that is based on other legal grounds.

7.5. Data Subjects have the right to receive information specified in the laws and regulations concerning the processing of their data or restriction of data processing, as well as concerning their rights to object to data processing (including processing of personal data carried out on the basis of the Airport’s legitimate interests). This right is enforceable insofar as data processing does not result from the Airport’s obligations imposed by the applicable laws and regulations that are in the public interest.

7.6. Data Subjects may submit a request for the exercise of their rights in written form by presenting a personal identification document or by electronic mail, signed with a secure electronic signature.

7.7. When processing a Data Subject’s request for the exercise of their rights, the Airport verifies the identity of the Data Subject, evaluates the request and executes it in accordance with the applicable laws and regulations.

7.8. The Airport response will be sent to the Data Subject by registered mail to the indicated contact address.

7.9. The Airport ensures fulfilment of data processing and protection requirements in accordance with the applicable laws and regulations. In the case of a Data Subject’s claim, the Airport shall take all the necessary steps to resolve the claim, but if it fails, the Data Subject is always entitled to contact the supervisory authority – the Data State Inspectorate.

7.10. The Airport considers Data Subject applications in connection with these rights free of charge. Examination of an application may be refused or a reasonable charge may be applied if it is submitted in a manifestly unreasonable or excessive manner, as well as in other cases provided in the applicable laws and regulations.

7.11. Data Subjects are required to familiarise themselves with this Privacy Policy. Data Subjects shall also introduce any person whose interests may be affected in the course of personal data processing to this Privacy Policy. The Airport expects all personal data submitted to be without prejudice to the interests of others. In cases where, under certain conditions, a person has the opportunity to access or use services together with another person, he/she is solely responsible for informing such persons of data processing within the specified processes and the obligations arising therefrom.

8. Airport Website and the Use of Cookies

8.1. The Airport website may use cookie technology for the following purposes:

8.1.1. To improve the experience of the site, to ensure its operation and functionality;

8.1.2. To provide Data Subjects with the opportunity to freely visit and browse through the website, using all the opportunities offered by it, including obtaining information and purchasing Airport’s services;

8.1.3 To identify the most visited sections of the website, obtaining statistics on the website and the number of visitors to the sections, time spent, etc.;

8.1.4. To display advertisements tailored to the visitor’s needs.

8.2. Cookies only identify Data Subject’s equipment, but do not in any way disclose the identity of Data Subjects;

8.3. Data Subjects have the right at any time to refuse further processing of their data, unless otherwise provided by the applicable laws and regulations. In cases where these data are technically relevant for the provision of the services, there is a possibility that the Airport will not be able to provide the service in full as it was initially planned

8.4. The Airport’s website may contain links to other service provider (third parties) websites that have their own use and personal data protection rules, for which the Airport is not liable

9. Communication with Data Subjects

9.1. The Airport communicates with Data Subjects, using the contact details provided by Data Subjects (telephone number, e-mail address or postal address).

9.2. The communication about the performance of contractual obligations is provided by the Airport based on a respective contract.

9.3. In other cases, the Airport contacts Data Subjects based on requests made by Data Subjects, in accordance with the required communication type specified by the Data Subject and/or regulatory requirements.

10. Miscellaneous

10.1. The Airport has the right to make changes to the Privacy Policy, and the website always contains the latest version of Privacy Policy.

10.2. If this Privacy Policy is translated into other languages, then in the case of any contradiction the text in Latvian shall prevail.

10.3. The Airport’s Privacy Policy is subject to the effective laws and regulations of the Republic of Latvia. All disagreements shall be resolved through negotiations. If no mutual agreement is reached, disputes shall be considered in a court of law of the Republic of Latvia in accordance with the laws and regulations in force in the Republic of Latvia.