Published: 13.04.2021.

General Privacy Policy of the Unified Website Platform

The webmaster of the Unified Website Platform highly values your privacy and data protection. We assume that you have read this Privacy Policy which requests your consent to the processing of your personal data before the provision of such personal data and that you agree to the processing of your data.

Public administration is committed to ensuring openness and transparency, therefore this Privacy Policy describes the methods and purposes for the processing of the personal data transferred by you for processing on the Unified Website Platform. Before processing personal data, we evaluate the lawfulness of the data processing activity. We process personal data based on official mandate and legal obligations related thereto.

The Privacy Policy of the Unified Website Platform aims to provide general information on the personal data processing activities organised and performed by the State Chancellery in accordance with the principles of personal data processing provided in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – GDPR).

The personal data controller of the Unified Website Platform is the State Chancellery. The personal data processors of the Website Platform are the institutions whose websites are placed on the Unified Website Platform, the maintainer of the platform is the State Digital Development Agency (SDDA), the Web host is the Information Centre of the Ministry of the Interior (ICMI), and the technical service provider is the Latvia State Radio and Television Centre (LSRTC).

On the Unified Website Platform, your personal data shall be processed for the achievement of the legal interests of State administration institutions, the fulfilment of obligations specified in legal acts, the fulfilment of contractual obligations, the provision of information to the public, and also other abovementioned purposes.

The legal basis for the processing of personal data within the scope of the services managed on the Unified Website Platform is provided in the following legal acts:

Employees of the parties involved in the operation of the Unified Website Platform will only process personal data for the performance of their official duties or on behalf of or under the instruction of the institutions in compliance with the basic principles of personal data processing and confidentiality requirements set out in the institution’s internal documents.

An employee may not process personal data obtained during the performance of official duties for his or her own or other persons’ personal purposes. When processing personal data within the scope of their official duties, the personal data processors will minimise the risk of personal data coming into possession of unauthorised persons as a result of actions or omissions.

On the Unified Website Platform, your personal data is processed in accordance with the confidentiality requirements and by ensuring the security of the data in held by the Unified Website Platform. The personal data processors of the Unified Website Platform take various security measures to prevent unauthorised access to your data, disclosure of data or other inappropriate use of personal data. Based on the applicable level of security, proper processing and storage of data, and also data integrity is ensured. Proportionate and appropriate physical, technical, and administrative procedures and means to protect the personal data collected and processed on the platform are used accordingly. Security measures are constantly improved in accordance with the applicable security requirements and by complying with the relevant data protection principles, and to the extent necessary for the data processing purposes.

Personal data are protected with means of data encryption, firewall and other data network security breach detection solutions. The personal data processors of the Unified Website Platform ensure the confidentiality of data and take appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing, disclosure, accidental loss, distribution or destruction in compliance with appropriate data protection principles and to the extent necessary for the data processing purposes. Personal data protection measures are constantly improved and enhanced to prevent a decrease in the level of personal data protection.

Principles for the protection of personal data apply to:

  • the personal data processed in the information technology infrastructure (servers, local computer networks, and application software);
  • the personal data transmitted in the data transmission network, if any;
  • the information systems used for the provision of work which are administered by the institutions whose websites are placed on the Unified Website Platform;
  • the electronic documents developed, registered and in circulation containing personal data.

You may withdraw your consent (if such has been requested from you and you have given it) to the collection, processing, and use of your personal data at any time. The personal data controller of the Unified Website Platform will assess your claims based on its legal interests. If the personal data are no longer needed for the pre-defined processing purposes, they will be deleted.

The webmaster of the Unified Website Platform is responsible for the personal data processing and processes personal data with means that must prevent the misuse, unauthorised disclosure, and alteration of personal data.

In order to improve the communication of State administration institutions, the personal data controller monitors the received personal data. Such data may be used in an aggregated form to draw up review reports that can be disseminated between the State administration institutions of Latvia. Reports are anonymised and do not contain any personal data.

The Unified Website Platform contains access data of the registered and public users, usernames, information selection parameters, traffic information, and Internet Protocol (IP) access address information. The Unified Website Platform uses cookies to provide information on visitor activity, visited pages, sources, and time spent on the site. This information is collected to improve the ease of use of the website and collect information on the interests of visitors in order to ensure that the best possible service is provided to you. Only the minimum amount of personal data that is necessary to achieve the processing purpose is processed.

Your personal data are stored on the websites only for as long as it is necessary for the purposes for which they were collected. The personal data processors of the Unified Website Platform who have access to such data are trained to handle them properly and in accordance with the regulatory data security framework.

Personal data are stored for as long as there is a legal obligation to store personal data. At the end of the data storage period, the data will be securely deleted or depersonalised so that they can no longer be attributed to the data subject.

The personal data stored on the Unified Website Platform is considered restricted access information and can only be disclosed to third parties in the cases and in accordance with the procedures, and to the extent specified in legal acts or concluded agreements. When transferring personal data to the contractual partners of the Unified Website Platform (independent controllers), additional provisions for the processing of personal data are be included in the agreements.

Websites contain links to other sites which have different terms of use and personal data protection rules.

The cooperation between the institutions involved in the implementation of the Unified Website Platform is governed by the adopted legal acts. If you have any questions or complaints relating to the processing and protection of personal data in the Unified Website Platform, please contact the State Chancellery by sending an e-mail to pasts@mk.gov.lv or the responsible personal data controller of the State Chancellery Aldis Apsītis (e-mail address: aldis.apsitis@mk.gov.lv).

The person responsible for the processing of personal data on the website https://www.vda.gov.lv is Agita Pavarda (e-mail address: agita.pavarda@vda.gov.lv).

Data subjects have the right to submit complaints regarding the use of personal data to the State Data Inspectorate (www.dvi.gov.lv) if the subject believes that the processing of his or her personal data violates his or her rights and freedoms in accordance with the applicable laws and regulations.

The Unified Website Platform uses cookies and warns the website users and visitors thereof.

The Unified Website Platform uses cookies to fulfil the obligation specified in Paragraph 23 of the Cabinet Regulation No. 399 of 4 July 2017, Procedures for Accounting, Quality Control and Provision of State Administration Services, as well as in Section 10 of the State Administration Structure Law to obtain traffic and usage statistics in order to improve the ease of use of the Unified Website Platform. You are provided with the possibility to read the Cookie Policy and decide whether to give your consent to the collection of statistics, as well as to choose the option to share the content in social media. In the opt-in consent window, you are given the option to opt out of cookies by selecting “Reject”. The exception is the mandatory technical cookie which is enabled by the browser for the duration of the connection session. You can change your cookie preferences in the footer of the website by selecting the link "Changing cookie preferences".

Cookies are small text files which are stored on the memory of your computer or mobile device when visiting a website. During each next visit, the cookies are sent back to the website of origin or to any other website recognising the cookies. The cookies operate as a memory of the particular website, enabling the site to remember your computer or mobile device during next visits, and the cookies can also remember your settings or improve the user experience.

The cookies used can be divided into essential technological cookies without which the provision of the service is technologically impossible or significantly restricted, performance cookies and social media cookies.

By using the website you agree that the performance cookies placed on this website are used for the purpose of improving the quality of services in compliance with the State administration principles specified in Section 10 of the State Administration Structure Law which provide that the State administration must be organised in a way that is easily accessible to an individual and also the fulfilment of the obligation of the State administration to improve the quality of services provided to the public, to simplify and improve procedures for the benefit of natural persons.

When using third-party resources embedded on this website (for example, YouTube, Flickr, etc.), third-party cookies might be placed on your browser.

The website uses the following cookies:

  • Essential cookies:
    • SESS<ID> – this cookie is essential only for content administrators to ensure authentication (ID is replaced by a unique name created for each session).
    • maintenance_message – this cookie is necessary for all users to prevent the content or platform administrator’s notifications from reappearing (those which the content user has read and closed with the "Close" button).
    • allowCookies – this cookie determines whether you have agreed to the terms of use of cookies and whether to display a statement about the use of cookies in the future.
  • Performance cookies. This webpage uses the Google Analytics service made by Google Inc. which uses the cookies stored on your computer to enable analysis of how you use the relevant website. The information generated by the cookies about how you use the website is sent and stored to the Google server. Your IP address, when applying IP anonymisation, is shortened within the territory of the European Union or the European Economic Area. Google uses the information in order to assess how you use the particular website in order to prepare reports for website providers about activities on the relevant websites and to provide other services related to the use of websites and the internet. Google will never link the IP address received here with any other information being at the disposal of Google. In case of need, Google may provide this information to third parties if it is stipulated in laws or if third persons perform the processing of such data on the assignment of Google.
    • _ga, _gat, _gid – these three cookies are necessary for all users to allow traffic data to be passed to the Google Analytics statistics collection tool.

If you do not accept the use of performance cookies, traffic data will not be included in Google Analytics statistics.

  • Social media cookies:
    • _cfduid – this cookie is necessary for all users to share a content item on their social networks.

You may reject the creation, storage, and processing of such statistics by manually disabling the use of the cookie handling mechanism in your browser at any time.

You can change or delete your cookie settings in your browser settings. We have added links to cookie management information resources for the most popular browsers:

More information on how to control cookies according to your device’s browser can be found at: www.aboutcookies.org.

1. Contact details of the personal controller

The State Railway Administration

Riepnieku Street 2, Riga, LV-1050

phone: +371 67233225; e-mail: vda@vda.gov.lv

2. Personal data to be processed

The State Railway Administration (hereinafter - Administration), in the performance of the functions and tasks specified in its regulatory enactments and in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (hereinafter - Regulation) and the regulatory enactments of the Republic of Latvia for the protection of personal data, different types of personal data may be processed (e.g. name, surname, personal identity number, birth data, contact details (telephone number, e-mail, address), name of the institution or company represented, employer's name, position, photo, video and voice records, education information, work experience and other personally identifiable data.

3. Purpose and legal basis of data processing

The Administration shall perform the processing of data in order to realise the functions specified in Paragraphs 3 and 4 of Cabinet Regulation No.13 of 4 January 2005, Regulations of the State Railway Administration, and the tasks specified in other international and national regulatory enactments.

The legal basis for data processing stems from points (a), (b), (c) and (e) of the first subparagraph of Article 6 of the Regulation.

4. Recipients of personal data

Your personal data may be transferred to the responsible officials of the Administration or directly to authorised persons, data controllers (including the organisers of joint actions), the State, local government and law enforcement authorities in the cases specified in the legislation.

5. Personal data storage period

Your personal data will be stored for as long as it is necessary to achieve the relevant processing purposes, subject to the requirements of the regulatory enactments, by which your personal data will be deleted, unless the regulatory enactments provide for a longer period of data storage.

6. Rights of the data subject in the data processing process

The person whose data are processed has the right to request their supplement, rectify or delete, restrict their processing, the right to portability of their personal data, the right to object to the processing of their personal data and to withdraw their consent to the processing of their personal data. These rights shall be exercised in so far as the processing of data does not arise from the duties of the Administration imposed on it by the laws and regulations in force and carried out in the public interest or in respect of legitimate interests. The administration will evaluate the request submitted by the person in accordance with regulatory enactments and provide a response. If you do not want to be photographed or filmed and subsequently published at the events organised by the Administration, please ask to inform the Administration.

7. Guarantees against data abuse

The Administration shall process your personal data to ensure their security through a variety of security measures (such as data encryption and firewall protection) and in compliance with privacy requirements to prevent misuse and inappropriate use, unauthorised disclosure, disclosure and tampering, and unauthorised access.

8. Transmission of personal data to third countries

Your personal data may be transmitted to third countries that are not members of the European Union (EU) or the European Economic Area (EEA), only in cases provided for by law and in strict compliance with their rules, as well as ensuring a sufficient level of protection.

9. Right to lodge a complaint

If you have any objections, claims or complaints relating to the processing of your personal data, please refer to the Administration first. If the matter cannot be resolved within the framework of the Administration, you have the right to lodge a complaint with the State Data Inspectorate.

10. Automated decision-making

The Administration does not use your data to make automated decisions.

11. Submission of requests by the data subject

In order to receive information from the Administration related to the processing of personal data, an application shall be submitted in accordance with the procedures specified in regulatory enactments:

  • an electronic request for information must be signed with a secure electronic signature, inviting them to be sent to the Administrational Data Protection Officer by email: agita.pavarda@vda.gov.lv
  • authoring the portal www.Latvija.lv;
  • in a mailing to the Administration, with a self-attached signature. Address written information requests to the State Railway Administration, Riepnieku Street 2, Riga, LV-1050, Latvia;
  • the data subject may also submit a request for written information in person by completing a request for the issuance of data and presenting a personal identification document, in the Administration, in Riepnieku Street 2, Riga, in agreement with the Data Protection Officer in advance.

The administration, while protecting the rights of the data subject, is entitled to request additional information in order to clearly identify the applicant.

The Data Subject Information Request shall be examined by the Administration by within one month from the date of receipt of the request, in accordance with the procedures specified by the Regulation and the Law on the Processing of Personal Data. If necessary, that period may be extended by for a further period of two months, taking into account the complexity and number of requests.

The Administration shall, after examining the application, perform one of the following activities:

  • provide the data subject with the requested information;
  • give a reasoned written refusal to supply information;
  • inform the data subject of the actions taken (replenishment, rectification, erasure) in relation to the requirement expressed in the request for information.

12. Contact details of the Data Protection Specialist

For additional information on the processing of personal data by the Administration, please contact the Data Protection Officer:

Lawyer Agita Pavarda, phone +371 67234331, e-mail: agita.pavarda@vda.gov.lv