Privacy Policy

1. Introduction

SIA PAA, registration No. 40003133269, address: Ūnijas iela 12A, Riga (hereinafter referred to as – “Controller”), on the website (hereinafter referred to as – “Site”), processes personal data collected from the data subject, the user of the Sites (hereinafter referred to as – “User”).

The purpose of this Privacy Policy is to provide you with information about the purpose, scope and legal grounds of the processing of personal data carried out by the Controller, the possible recipients of the information, the principles of protection, the time limits for processing, the rights of data subjects, as well as the identity and contact details of the Controller.

The Controller shall take care of your privacy and the security of your personal data, respect your right to the protection of your personal data and the lawfulness of processing in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as – “Regulation”), the Personal Data Processing Law, other legislation on privacy and data processing, as well as this Privacy Policy.

The Controller’s Privacy Policy applies to the processing of personal data regardless of the form and/or medium in which you provide personal data (on the Sites, in paper form, electronically, by telephone, by subscribing to the Controller’s newsletter) and in which systems it is processed.

2. Identity and contact details of the Controller

The Controller is SIA PAA, reg. No. 40003133269, address: Ūnijas iela 12A, Riga, e-mail:

3.The purposes of processing, legal grounds for processing

The legal basis for the processing is Article 6(1)(a), (b), (c) and (f) of the Regulation.

If the User provides the Controller with personal data, such as name, personal identity number, e-mail or postal address, telephone number, personal messages, etc., through the contact forms of the Sites, e-mail or other forms of mail, the Controller stores and uses this information for the performance or conclusion of the relevant service agreements.

                  The processing of such data by the Controller is necessary for the identification of the customer, the preparation, conclusion and proof of the conclusion of the agreement, the operation/maintenance of the services, customer service, the handling and processing of complaints and objections, the administration of invoicing and other purposes directly related to the conclusion or performance of the agreements.

The Controller undertakes to process your personal data where one of the following legal grounds for processing exists: the Controller has obtained your consent; the Controller has a legitimate interest in the conclusion and performance of an agreement; the Controller is required to comply with its obligations under binding external laws and regulations.

The Controller has the following legitimate interests:

  • to carry out commercial activities;
  • to save your requests for the provision of services, other requests and submissions, notes on them, including those made verbally in meetings or by telephone;
  • to promote customer loyalty to the company and to improve the effectiveness of communication;
  • to design and develop products, solutions and services;
  • to advertise its products, to promote sales;
  • to improve customer service, including through customer surveys on services and their user experience.

The Controller has the following purposes for processing personal data:

  1. Sales and provision of services:
    • identification of the customer;
    • preparation and conclusion of an agreement;
    • fulfilment of contractual obligations;
    • circulation, provision and promotion of goods, development of new products;
    • customer service, including the handling and processing of objections and complaints;
    • maintaining cooperation, increasing customer loyalty, satisfaction surveys;
    • maintenance and improvement of the Controller’s websites and newsletters.
  2. Planning and analytics:
    • statistical analysis;
    • business analysis;
    • maintenance and improvement of business processes;
    • operational planning and accounting;
    • data quality assurance;
    • market and public opinion research;
    • customer surveys to develop customer service levels and improve the user experience in the insurance sector;
    • risk management.
  3. Marketing purposes:
    • In order to send you promotional materials, discounts or other special offers based on your interests, to which you have given your consent, the Controller processes your name, e-mail address, telephone number and information about your visit history on the Sites. Section 9(2) of the Law on Information Society Services also provides for cases where commercial communications may be sent without consent, for example, where the e-mail address was obtained in the context of the provision of a service or the sale of a product. You may unsubscribe from receiving such messages at any time by using the automatic unsubscribe option offered in the e-mail.
    • By participating in prize contests organised on the Controller’s social networking pages, such as Facebook, you acknowledge that, as a participant in the contest, you are providing us with your personal data (name, surname, social network username, etc.) which is publicly available on the relevant social networking page and that the Controller may use your personal data for the purposes of the contest, including, where necessary, to contact you and identify you as the winner and prize recipient. We may also include your name and surname in the announcement of the winner of the contest, which may be published on one of the Controller’s social media profiles. You, as the data subject, have the right to withdraw your consent and refuse to receive the prize, in which case there will be no negative consequences. By withdrawing your consent, you will no longer be entered into the prize draw. You may send such withdrawal to the contact details provided by the Controller.
  4. Other purposes:
    • for compliance with the requirements of binding laws and regulations;
    • for auditing, ensuring compliance with operational requirements;
    • for the provision of data to public authorities and subjects of operational activity in the cases and to the extent provided for in laws and regulations.
  5. Cookies:
    • The Controller is constantly improving the Sites in order to improve their use, so the Controller needs to know what information is important to visitors to the Sites, how often they visit the Sites, what devices and browsers they use, what region the visitors come from, and what content they prefer to read.
    • The Controller uses Google Analytics, which allows the Controller to analyse how visitors use the Site. You can find out more about how Google Analytics works on Google’s website The Controller uses the data collected for its legitimate interests, to improve the understanding of the needs of visitors to the Sites and to improve the accessibility of the information published by the Controller.
    • The server hosting the Sites may record the requests sent by the visitor (device used, browser, IP address, date and time of access). The data referred to in this paragraph are used for technical purposes: to ensure the proper functioning and security of the Sites and to investigate possible security incidents. The collection of the data referred to in this paragraph is based on the legitimate interest of the Controller in ensuring the technical availability and integrity of the Sites.
    • Cookies are small files that are stored by the browser on the visitor’s computer each time the visitor visits the Site, to the extent specified in the browser settings of the visitor’s computer. Certain cookies are used to select and personalise the information and advertisements offered to the visitor based on the content that the visitor has viewed in the past, and thus make the visitor’s use of the Sites simple, convenient and personalised. Further information on cookies and how to delete and manage them can be found at
    • The Sites use cookies to collect user IP addresses and browsing information and to enable the Sites to remember visitor choices. Cookies allow the Controller to track Site traffic and user interaction with the Sites – the Controller uses this data to analyse visitor behaviour and improve the Sites. The legal grounds for the use of cookies is the legitimate interest of the Controller in ensuring the functionality, availability and integrity of the Sites.
    • The visitor can manage and/or delete cookies at his/her own discretion. More information on this process is available here The visitor can delete all cookies that are on their computer and most browsers can be set to block cookies from being placed on their computer. Visitors can opt-out of cookies in the browser menu or at To ensure the necessary settings, the visitor should consult the Terms of Service of his browser.

4. Categories of recipients of personal data

The data are disclosed to those employees of the Controller who need them for the performance of their direct duties, for the performance or conclusion of the relevant service agreement.

When obtaining and using personal data, the Controller partly uses the services of external service providers who, in accordance with the agreement, strictly comply with the Controller’s instructions and who are under the Controller’s constant control before using the service and in the future.

5. Categories of personal data

Categories of personal data – name, surname, personal identity number, e-mail or postal address, IP address, telephone number, content of the message or letter, etc.

6. Categories of data subjects

Categories of data subjects – current, former and potential customers of the Controller.

7. Data transfers outside Latvia

The data received is not and will not be transferred outside Latvia, the European Union or the European Economic Area, nor will it be transferred to any international organisation.

With your consent, the Controller may transfer personal data outside Latvia, the European Union or the European Economic Area (for example, using the Google Analytics cookie service).

8. Data retention period

Unless otherwise stated in the data protection instructions, the Controller will delete personal data at the latest three months after the original reason for retaining the data no longer applies, unless it is legally obliged to continue to retain the data (for example, but not limited to, for accounting or litigation purposes).

9. Data subject access to personal data and other rights

The data subject has the right to obtain access to the data subject’s personal data within one month from the date of the relevant request.

The User may submit a request for the exercise of his/her rights in writing in person, at the Controller’s registered office (upon presentation of an identity document) or by e-mail, signed with a secure electronic signature.

Upon receipt of the User’s request to exercise his/her rights, the Controller shall verify the User’s identity, assess the request and execute it in accordance with the laws and regulations.

The User shall have the right to receive the information required by the laws and regulations in relation to the processing of his/her data, the right to request access to his/her personal data, as well as to request the Controller to supplement, rectify or delete them, to restrict processing or to object to processing, insofar as these rights do not conflict with the purpose of data processing (conclusion or performance of agreements).

The data subject does not have the right to receive information if the disclosure of such information is prohibited by law in the field of national security, national defence, public security, criminal law, as well as for the purpose of safeguarding public financial interests in tax matters or the supervision of financial market participants and macroeconomic analysis.

The data subject has the right to file a complaint with the supervisory authority (Data State Inspectorate). The current contact details are available on the website of the Data State Inspectorate