1. General Provisions
1.1. The purpose of this Privacy Policy is to provide natural persons (hereinafter – Data Subjects) with information about the purpose for which SJSC Riga International Airport acquires personal data, data volumes and data processing terms, data protection, as well as to inform Data Subjects about their rights and obligations.
1.2. When processing personal data, the Airport complies with the applicable laws and regulations of the Republic of Latvia, as well as with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) (hereinafter – the Regulation) and other applicable privacy and data protection laws.
1.3. The Airport’s Privacy Policy applies to any Data Subject other than Airport employees, whose personal data are processed by the Airport; it applies to data processing regardless of the form in which Data Subjects have provided their personal data: on the Airport’s website, in paper form or by telephone.
1.4. The Airport’s Privacy Policy does not apply to data processing activities of other merchants when providing their services using the Airport infrastructure (for example, Airport lessees, shops, catering facilities, ground handling service providers, car rental, transport service and other service providers). In such cases, please get acquainted with the purposes of the processing of personal data provided by the respective merchant and the legal basis for data processing.
2. Controller and Contact Information
2.1. Controller of personal data: SJSC Riga International Airport, single registration number: 40003028055, registered address Mārupes novads, Lidosta “Rīga”, “Lidosta“Rīga” 10/1”, LV-1053, telephone +37167207135, e-mail: [email protected], riga-airport.com).
2.2. Should you have any questions or uncertainties regarding this Privacy Policy or the processing of personal data, please send your application by email: [email protected]or submit it in person at the Airport’s legal address.
3. Purpose of Personal Data Processing
3.1. The Airport processes personal data for the following purposes:
3.1.1. To provide civil aviation security.
3.1.2. For commercial activities and provision of services, including, but not limited to the following:
3.1.3. To protect the Airport’s legitimate interests and to fulfil its contractual obligations;
3.1.4. To provide information to state administration institutions and operative entities in the cases and to the extent specified in the applicable external laws and regulations.
4. Legal Basis for Personal Data Processing
4.1. The Airport processes personal data of Data Subjects, based on the following legal grounds:
4.2. The Airport has the following legal (legitimate) interests:
5. Processing, Protection and Storage of Personal Data
5.1. The Airport processes the data of Data Subjects using the options of today’s technologies, taking into account the privacy risks and the reasonably available organizational, financial and technical resources.
5.2. The Airport shall scrutinize all service providers who process the Data Subject’s personal data on behalf of the Airport and assess whether the cooperation partners (processors) apply appropriate security measures to protect the Data Subject’s personal data from unauthorized access, accidental loss, disclosure or destruction.
5.3. To ensure the protection of Data Subject interests, the Airport is continuously improving its internal processes and activities. For example, the processes for the protection of staff, IT infrastructure, technical resources, and Airport facilities. All these measures provide an appropriate level of protection of information that prevents unauthorized access to Data Subject personal data.
5.4. Personal data are kept only for as long as necessary to achieve the purposes of this Privacy Policy, unless a longer storage period is specified or permitted by the applicable law. The following criteria are used to determine the storage period:
Once the criteria referred to in this Paragraph are not applicable, the personal data of Data Subjects are deleted, destroyed or transferred to the State Archives in accordance with the requirements of the applicable laws and regulations.
5.5. When processing personal data, the Airport ensures compliance with the mandatory technical and organizational requirements for the protection of personal data.
5.6. The Airport shall not be liable for incorrect, incomplete or erroneously submitted data by the Data Subject. The Data Subject is responsible for the veracity of the information provided.
6. Personal Data Access Categories
6.1. The Airport shall not disclose to third parties personal data of Data Subjects or information obtained during the term of the Contract, except:
6.2. The Airport shall not transfer personal data of Data Subjects to third countries (i.e. countries that do not belong to the European Union or the European Economic Area), except:
7. Rights and Obligations of Personal Data Subjects
7.1. Data Subject consent for the processing of their personal data (the legal basis of which is such a consent), if required, may be provided on the Airport’s website or on site at the Airport’s registered address. In all other cases, when the Airport exercises its legal rights in ensuring civil aviation security in the cases specified in external laws and regulations, Data Subject consent for the processing of their personal data is not required.
7.2. Data Subjects have the right to withdraw (at any time) the consent given for the data processing in the same manner as it was given, that is, on the website or at the Airport’s registered address. In such case, further processing of the data based on the above consent for the specific purpose will not be carried out.
7.3. Withdrawal of the consent does not affect the data processing performed at the time when the Data Subject consent was valid.
7.4. With the withdrawal of the consent, such data processing cannot be terminated that is based on other legal grounds.
7.5. Data Subjects have the right to receive information specified in the laws and regulations concerning the processing of their data or restriction of data processing, as well as concerning their rights to object to data processing (including processing of personal data carried out on the basis of the Airport’s legitimate interests). This right is enforceable insofar as data processing does not result from the Airport’s obligations imposed by the applicable laws and regulations that are in the public interest.
7.6. Data Subjects may submit a request for the exercise of their rights in written form by presenting a personal identification document or by electronic mail, signed with a secure electronic signature.
7.7. When processing a Data Subject’s request for the exercise of their rights, the Airport verifies the identity of the Data Subject, evaluates the request and executes it in accordance with the applicable laws and regulations.
7.8. The Airport response will be sent to the Data Subject by registered mail to the indicated contact address.
7.9. The Airport ensures fulfilment of data processing and protection requirements in accordance with the applicable laws and regulations. In the case of a Data Subject’s claim, the Airport shall take all the necessary steps to resolve the claim, but if it fails, the Data Subject is always entitled to contact the supervisory authority – the Data State Inspectorate.
7.10. The Airport considers Data Subject applications in connection with these rights free of charge. Examination of an application may be refused or a reasonable charge may be applied if it is submitted in a manifestly unreasonable or excessive manner, as well as in other cases provided in the applicable laws and regulations.
7.11. Data Subjects are required to familiarise themselves with this Privacy Policy. Data Subjects shall also introduce any person whose interests may be affected in the course of personal data processing to this Privacy Policy. The Airport expects all personal data submitted to be without prejudice to the interests of others. In cases where, under certain conditions, a person has the opportunity to access or use services together with another person, he/she is solely responsible for informing such persons of data processing within the specified processes and the obligations arising therefrom.
8. Airport Website and the Use of Cookies
8.1. The Airport website may use cookie technology for the following purposes:
8.1.1. To improve the experience of the site, to ensure its operation and functionality;
8.1.2. To provide Data Subjects with the opportunity to freely visit and browse through the website, using all the opportunities offered by it, including obtaining information and purchasing Airport’s services;
8.1.3 To identify the most visited sections of the website, obtaining statistics on the website and the number of visitors to the sections, time spent, etc.;
8.1.4. To display advertisements tailored to the visitor’s needs.
8.2. Cookies only identify Data Subject’s equipment, but do not in any way disclose the identity of Data Subjects;
8.3. Data Subjects have the right at any time to refuse further processing of their data, unless otherwise provided by the applicable laws and regulations. In cases where these data are technically relevant for the provision of the services, there is a possibility that the Airport will not be able to provide the service in full as it was initially planned
8.4. The Airport’s website may contain links to other service provider (third parties) websites that have their own use and personal data protection rules, for which the Airport is not liable
9. Communication with Data Subjects
9.1. The Airport communicates with Data Subjects, using the contact details provided by Data Subjects (telephone number, e-mail address or postal address).
9.2. The communication about the performance of contractual obligations is provided by the Airport based on a respective contract.
9.3. In other cases, the Airport contacts Data Subjects based on requests made by Data Subjects, in accordance with the required communication type specified by the Data Subject and/or regulatory requirements.
10. Miscellaneous
10.1. The Airport has the right to make changes to the Privacy Policy, and the website always contains the latest version of Privacy Policy.
10.2. If this Privacy Policy is translated into other languages, then in the case of any contradiction the text in Latvian shall prevail.
10.3. The Airport’s Privacy Policy is subject to the effective laws and regulations of the Republic of Latvia. All disagreements shall be resolved through negotiations. If no mutual agreement is reached, disputes shall be considered in a court of law of the Republic of Latvia in accordance with the laws and regulations in force in the Republic of Latvia.