PRIVACY POLICY
Intro

SIA Konsultatīvā sabiedrība Conventus, hereinafter referred to as Conventus, processes large amounts of personal data daily and pays increased attention to security thereof. It is important for Conventus to provide for data subjects’ awareness of data processing principles, data subject’s rights and possibilities to use them.

This Privacy Policy provides a detailed description of how Conventus performs personal data processing.

Why does Conventus perform personal data processing?

In situations where the person has concluded a contract or the person has provided their consent to conditions of receipt of any product or service, while the person fails to fulfil financial obligations resulting from such contract, the specific service provider is entitled to use debt collection services for recovery of such debt, lawfully transferring personal data to disposal of Conventus for performance of debt recovery procedure. In such situation, Conventus has a legal reason to perform processing of the specific person’s data, in order to provide for fulfilment of the contract, promote protection of general public interests and provide for fulfilment of legitimate interests. Therefore, personal data processing is allowed even without consent of the data subject/natural person, since another legal reason is applicable to such data processing.

What personal data and for what purpose does Conventus process?

Conventus only processes personal data necessary for recovery of debts:

  • basic information for correct identification of and communication to the person – name, surname, personal ID No, birth data and contact information – address, phone number, e-mail address;
  • debt data for correct performance of debt collection, informing the debtor – debt/violation date, service provider’s contact number, violation type, amount, subject of the contract (e. g., vehicle license plate number), photo images, etc.;
  • payment history for provision for accounting and correct debt collection, observance of the Law on Prevention of Money Laundering and Terrorism Financing – amount, dates of payments, payer, payment justification, respective debt case, for which payments have been made, payment schedules;
  • previous communication notes for correct further communication – phone conversation notes, e-mails and attachments thereof, text messages, content of objections and other letters, payment promises.

All personal data are processed for the purpose of providing for fulfilment of requirements of the law and performing an efficient communication with the debtor, in order to resolve and settle debt cases, maximally avoiding worsening the debtor’s situation, as well as to be able to respond to objections correctly.

Conventus has also a statutory duty to provide personal data to public institutions according to the legal duty (e. g., to tax institutions, administrative institutions, etc.).

What debtor’s personal data may Conventus obtain from the third parties?

In accordance with Sec. 11 para. 3 of the Law on Extrajudicial Recovery of Debt, Conventus may request data of the debtor in the Register of Population of the Republic of Latvia, obtaining up-to-date information of the person’s name, surname, personal ID No and declared residence address.

In evaluation of further progress of the debt collection case (commencement of debt extrajudicial recovery case or filing a claim to the court), on the basis of a cooperation agreement with a sworn advocate, Conventus may obtain data of the person from AS Ceļu Satiksmes Drošības Direkcija, hereinafter referred to as CSDD, by the vehicle license plate number, obtaining the person’s name, surname, personal ID No and the residence address registered with CSDD.

Conventus may also obtain data of the debtor from other databases, e. g., from the Register of Insolvency, official publication of the Republic of Latvia Latvijas Vēstnesis, etc.

What third parties can obtain personal data from Conventus?

In accordance with the Law on Credit Bureaus and for the purpose of contributing to responsible crediting, Conventus may submit personal data to AS Kredītinformācijas Birojs, including the person’s name, surname, personal ID No, debt amount, date and data submission reason. Personal data may also be obtained by data processors Conventus is cooperating with. These are the companies helping Conventus perform daily tasks, for example, sending letters, performing phone communication, maintaining servers and databases. These companies are professionals in their fields, who concluded a contract and a personal data processing agreement, and high security requirements are defined for them, in order to provide for security and non-disclosure of personal data at the disposal of Conventus.

Whether Conventus processes sensitive/special category personal data?

Conventus does not perform processing of sensitive or special category personal data according to this term meaning in Art. 9 para. 1 of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) – data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

What are the person's rights in respect of their data?

Data subject have various rights in respect of their personal data, including:

  • the right to access their data;
  • the right to make correct amendments thereto;
  • the right to object against personal data processing;
  • the right to be forgotten;
  • the right to restrict;
  • the right to data portability;
  • the right to revoke consent to processing of their data.

Although by law data subject has the right to fulfilment of all these paragraphs, a number of the data subjects’-initiated activities mentioned by these paragraphs in debt collection procedure are not performed, in order to be able to fulfil other legal bases. For instance, the data subject has the right to request to be forgotten, however, such request will be rejected, since data processing is necessary for implementation of the mentioned legal bases (contract fulfilment, conformity to the law, observance of legitimate interests).

Conventus only performs data amendments in cases, where the data subject provides a correct alternative. For example, if data subject does not want communication with them to take place using a specific phone number, they must provide another phone number for Conventus to be able to continue communicating with the debtor in accordance with the Law on Extrajudicial Recovery of Debt.

In accordance to the law, Conventus must provide a response to the data subject’s request within 30 days from the day of receipt of such request. Sometimes, a situation may arise that Conventus has received a large number of requests from data subjects, therefore, the mentioned term may be extended, however not more than up to two months.

How long does Conventus store personal data?

Personal data are stored while the debt collection case is active, as well as five years after the end of the collection case. Some data categories, e. g., payment information, are stored 75 years, in accordance with the requirements of the Law on Accounting.

If Conventus client specifies or debtor proves that the debt collection case is submitted to Conventus incorrectly, and Conventus, therefore, has no legal basis to perform processing of the specific person’s data anymore, all data of this person are completely deleted from Conventus databases.

How do I contact Conventus?

Any person is entitled to send a printed and signed application to Conventus registered office: Apt. 2, 19 Jauniela, Riga, LV-1050, Latvia, or send an electronically signed document to Conventus e-mail address info@conventus.lv

How do I contact the supervisory authority?

Any person is entitled to ask advice of the Data State Inspectorate, which is the leading personal data protection supervisory institution in Latvia, in Apt. 15, 11/13 Blaumaņa iela, Riga, LV-1011; by phone 67223131 or e-mail info@dvi.gov.lv

You can find additional information at the DSI website www.dvi.gov.lv