Skip to main content
Submit a claim
Submit a claim
Log in
Home About BALTA IJSC BALTA personal data processing notification to customers

IJSC BALTA personal data processing notification to customers

AAS BALTA Personal Data Processing Notice for Clients

1.   Information about the Controller
Our name is AAS BALTA, registration number: 40003049409, legal address: Skanstes iela 25, Riga, Latvia, LV-1013.
For more information about us, please visit our website at balta.lv.

 

2.   Contact Information for Personal Data Protection Inquiries
If you have any questions regarding this notice or the processing of your personal data, you can contact us by writing to the email address [email protected].

 

3.   General Description of Our Personal Data Processing
We recognize that personal data is valuable to you, and we will process it in compliance with confidentiality requirements and by ensuring the security of your personal data in our possession.
This notice describes how we process the personal data of our clients whose data may come into our possession within the scope of our business activities.
We assume that before using our website or mobile application, or becoming our client, you have read this notice and accepted its terms.
The purpose of this notice is to provide you with a general overview of the personal data processing activities we carry out and the purposes behind them. However, please be aware that additional information about the processing of your personal data may be provided in other documents (e.g., service agreements, cooperation agreements, lottery rules, terms of use for the website or portal).
Please note that the personal data processing rules outlined in this notice apply only to the processing of data related to natural persons.
Additionally, you can familiarize yourself with the terms of use for the website HERE.

4. Why We Need Your Data
Primarily, we collect your personal data to fulfill our contractual obligations and legal responsibilities, as well as to pursue our legitimate interests. In these cases, the collection of certain personal data is necessary to achieve these purposes, and failing to provide such information may hinder the initiation of a business relationship or the execution of a contract. If the data is not mandatory but can help enhance our services or offer you favorable contract terms and/or offers, we will indicate that the provision of such data is voluntary when collecting it.

5. The Purposes for Which We Process Your Personal Data and the Legal Basis for Processing
We will process your personal data only for previously defined purposes, including:

a) For the initiation and provision of services, as well as for the fulfillment and enforcement of contractual obligations
For this purpose, we need to identify you, provide insurance offers, prepare contracts, and communicate with you on matters related to the provision of services and/or the execution of contracts (including sending invoices). In some cases, we may also need to ensure the recovery of unpaid payments.

For this purpose and the sub-purposes mentioned above, we require:

  1. At least the following personal data for preparing an insurance contract and maintaining communication with the client, such as identifying data for the policyholder, the insured, and the beneficiary, as well as contact information (email, phone number, address);
  2. Data for identifying the insured object (e.g., data on the insured vehicle or property) and assessing the insured risk, including fraud risk; the scope of data collected may vary depending on the insurance service offered;
  3. Data for creditworthiness assessment and credit risk management;
  4. Employment-related data;
  5. Data on familial relationships.

The main legal bases for achieving these purposes are:

  • Contract conclusion and execution (Article 6(1)(b) of the General Data Protection Regulation);
  • Compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation);
  • Our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation), for example, for identifying you as a client, client representative, or contact person of a business partner and ensuring communication with you.

b) Fulfillment of Legal Requirements Related to Service Provision or Other Statutory Requirements
For this purpose, we are required to comply with both insurance service provisions and accounting regulations, as well as requirements set out in the Archives Law and other legal acts.

To fulfill this purpose, we need to process the following personal data: the name, surname, personal identification number, address of the client or client’s contact person, information about the insured object, and other data as necessary.

The primary legal basis for achieving this purpose is:

ü  Compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation).

c) Providing Information About Our News, Services, and Offers


Based on your provided consent and your preferred communication method, we may send you information about:

Our services and activities;

  • Beneficial offers;
  • Discounts, bonuses, promotions, lotteries, or gifts;
  • Opportunities to participate in various contests or events;
  • As well as holiday greetings.

For this purpose, we need at least the following personal data: your name, surname, postal address, phone number, and email address.

The main legal bases for achieving this purpose are:

  • Your consent (Article 6(1)(a) of the General Data Protection Regulation);
  • Our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation), for example, ensuring communication.

You have the right to withdraw your consent at any time, after which we will no longer process your personal data for this purpose. Consent can be withdrawn through the self-service portal "My Insurance," by calling our contact center at 67522275, or in person at our customer service center. Please note that withdrawing consent does not affect the data processing carried out while your consent was valid.

d) Ensuring Security, Preventing Threats to Property Interests, and Protecting Other Essential Legitimate Interests


For this purpose, we may need to conduct video surveillance of our premises, record phone conversations, use data processors for various functions, disclose information to courts and other public authorities, exchange information within the company group, or use rights provided by law to protect our legitimate interests.

For this purpose, we may need to process at least the following personal data: name, surname, personal identification number, data on the insured object, the appearance (image) of the individual, and other necessary data.

The primary legal basis for achieving this purpose is:

  • Legitimate interests of the controller (Article 6(1)(f) of the General Data Protection Regulation), for example, for the purpose of detecting criminal offenses.

e) Ensuring Proper Service Provision


For this purpose, we may need to maintain and improve technical systems and IT infrastructure, using technical and organizational solutions that may involve your personal data (e.g., using cookies) to ensure proper service delivery.

The primary legal basis for achieving this purpose is:

  • Legitimate interests of the controller (Article 6(1)(f) of the General Data Protection Regulation).

f) Ensuring the Employee Selection Process and Exercising Resulting Rights and Obligations


For this purpose, we:

  • Collect CVs from candidates,
  •  Contact candidates and references provided by them to collect feedback,
  • With the candidate’s consent, retain CVs for future vacancies,
  • Retain data obtained during the selection process to defend our interests in legal proceedings or respond to complaints or claims.

For this purpose and the above sub-purposes, we may need at least the following personal data: the candidate’s name, surname, contact information (email, phone number), education and previous work experience, persons who can provide references and their contact details, feedback about the candidate, and any other information that may be relevant for the performance of the specific role and identifying the most suitable candidate.

The main legal bases for achieving these purposes are:

Consent (Article 6(1)(a) of the General Data Protection Regulation) regarding the submission of a CV and retention of the CV for future vacancies.

Conclusion of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation) for the processing of candidate data for whom a decision to sign an employment contract has been made.

Compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation) in certain cases concerning specific types of data, where regulatory acts impose mandatory requirements for a specific position.

The controller’s legitimate interests (Article 6(1)(f) of the General Data Protection Regulation) concerning the provision of evidence in the event of potential claims, as well as regarding the minimal required amount of information.

g) For the Conclusion and Execution of Employment Contracts

For this purpose, we:

  • Collect information required to be included in the employment contract and its appendices,
  • Identify you,
  • Verify your qualification documents,
  • Prepare the employment contract,
  • Create a work-related email address for you,
  • Assign you a username to access relevant information systems,
  • Record your working hours and tasks completed,
  • Evaluate your job performance,
  • In some cases, if necessary for work duties, we may share your job title and contact information with partners, clients, and other employees,
  • Calculate and transfer your salary to your designated account,
  • Send you for a health examination,
  • Collect other information required for your employment.

For this purpose and the sub-purposes mentioned above, we may need at least the following personal data: employee’s name, surname, personal identification number, date of birth, residential address, phone number, start date of employment, workplace, education data, qualifications, job description, position, work contact information, salary details, work performance data, job evaluations, and health information. To ensure accurate salary calculation for insurance sales employees, we will need to set sales plans, measure achieved sales results, analyze Key Performance Indicators (KPIs), growth metrics, and campaign results, and conduct an analysis of recorded phone calls.

The main legal bases for achieving these purposes are:

  • Conclusion of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation).
  • Compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation) regarding the information reflected in the employment contract and the necessary qualification requirements.
  • ü  Fulfillment of the controller’s obligations and exercise of rights in the field of employment (Article 9(2)(b) of the General Data Protection Regulation) concerning the processing of special categories of data (health data, trade union membership).

6. How We Obtain Your Personal Data


We may obtain your personal data in one of the following ways:

  • From you during the process of concluding a mutual agreement.
  • If the contract is concluded with a third party that designates you as the insured person, beneficiary, or contact person.
  • From you, if you submit applications, emails, or call us.
  • From you, when you file an insurance claim.
  • From you, when you log into our websites.
  • From you, when you become a user of the BALTA mobile app.
  • Through our website, using cookies.
  • In some cases, from third parties (e.g., from their databases) during the process of concluding a mutual agreement.
  • Or in another manner, in accordance with the legal basis for personal data processing.

7. Who Can Access Your Personal Data


We take appropriate measures to process your personal data in accordance with applicable laws and ensure that third parties who do not have a legal basis for processing your personal data do not access it. However, you are responsible for the consequences if you allow third parties to access your mobile device and the personal data stored in the BALTA mobile app.

Your personal data may be accessed by:

  • Our employees or authorized individuals as necessary to fulfill their job duties.
  • Insurance intermediaries (agents, brokers) through whom insurance contracts are concluded.
  • Data processors in accordance with the services they provide and to the extent necessary, such as auditors, financial management and legal consultants, database developers/technical maintenance providers, and others involved in service provision.
  • State and municipal institutions in cases provided for by law, such as law enforcement agencies, municipalities, tax authorities, sworn bailiffs.
  • Third parties, after careful evaluation to ensure that the transfer is based on a legitimate legal basis, such as partners (car repair shops, experts) and healthcare institutions, as well as courts, out-of-court dispute resolution bodies, insolvency administrators, and other third parties in case of an insurance claim.

8. Which Partners or Data Processors We Select for Personal Data Processing
We take appropriate measures to ensure that your personal data is processed, protected, and transferred to data processors in accordance with applicable laws. We carefully select data processors and, when transferring data, evaluate the necessity and volume of the data. Data transfers are carried out in compliance with confidentiality and secure data processing requirements.

We cooperate with the following categories of data processors:

  • Partners who assist in providing services to our clients.
  • IT infrastructure developers/technical maintenance providers.
  • Persons involved in insurance mediation (agents, etc.).
  • External accountants, auditors, financial management and legal consultants.
  • Other persons involved in the provision of our services.

9. How Long We Retain Your Personal Data
Your personal data is stored as long as necessary for the purposes of processing the personal data and in accordance with applicable legal requirements.

When determining the retention period of personal data, we take into account applicable legal requirements, aspects of fulfilling contractual obligations, your instructions (e.g., in the case of consent), and our legitimate interests. If your personal data is no longer necessary for certain purposes, we will delete or anonymize it.

Below are the most common retention conditions for personal data:

  • Personal data necessary for the fulfillment of contractual obligations will be retained until the contract is fulfilled and as long as other retention periods are applicable.
  • Personal data that must be stored to comply with legal obligations will be retained for the periods stipulated by the relevant legal acts. For example, the Law on Accounting requires that supporting documents be retained until they are no longer needed to determine the beginning and course of each economic transaction, but for no less than five years.
  • Data that is necessary to demonstrate the fulfillment of our obligations will be retained considering the statute of limitations according to the timeframes specified by legal acts—three years as stipulated in the Insurance Contract Law, 10 years in the Civil Law, and three years in the Commercial Law, as well as other periods provided for by legal acts.

10. Is Your Personal Data Used for Automated Decision-Making?
To ensure convenient and efficient insurance services, we may use your data for automated decision-making, such as calculating insurance premiums, processing claims, and identifying risks. For example, when calculating premiums for land vehicle (KASKO) insurance, our system automatically analyzes the vehicle owner's or holder's address (region), the age of the youngest driver, claim history, and other factors. You cannot opt out of this type of automated processing (profiling), but you can request a review of the decision. In such cases, we will ensure that our staff member is involved in evaluating the decision, based on an analysis of the information you have provided.

11. What Are Your Rights Regarding the Processing of Your Personal Data?


Updating Personal Data
If there are any changes to your personal data, such as a change in personal identification number, contact address, phone number, or email address, please contact us and provide the updated information so that we can fulfill the relevant purposes of processing your personal data.

Your Right to Access and Correct Your Personal Data
In accordance with the General Data Protection Regulation (GDPR), you have the right to access your personal data held by us, request its correction, deletion, restriction of processing, object to the processing of your data, as well as the right to data portability in certain cases and procedures provided for by the GDPR. You also have the right to withdraw your consent to data processing at any time.

The company respects your rights to access and control your personal data. If we receive your request, we will respond within the timeframes set by the law (usually within one month, unless a special request requires more time to prepare a response). If possible, we will correct or delete your personal data accordingly.

You can access your personal data or exercise other rights as a data subject in one of the following ways:

  • By submitting an application in person at our office and identifying yourself.
  • By sending an application by mail.
  • By sending an application to the email address [email protected], preferably signed with a secure electronic signature.

Upon receiving your application, we will assess its content and the ability to identify you. Depending on the situation, we reserve the right to request additional identification to ensure the security of your data and prevent its disclosure to unauthorized individuals.

12. Information on the Use of Cookies
More information is available in our Cookie Policy.

13. Is Your Personal Data Transferred Outside the European Union (EU) or the European Economic Area (EEA)?
We ensure that your personal data is stored within the EU and EEA. However, in certain cases, to provide specific services, your personal data may be transferred outside the EU and EEA. Any such transfer of personal data is carried out in compliance with the requirements of the GDPR.

When transferring your personal data outside the EU and EEA, we adhere to at least one of the following conditions:

  • The transfer is made to a country that the European Commission has recognized as providing an adequate level of data protection.
  • The transfer is made to a country or international organization that provides appropriate safeguards between public authorities or bodies.
  • Your consent has been obtained for the transfer of personal data.
  • The transfer of personal data is necessary to fulfill a contract between "BALTA" and you.
  • The transfer of personal data is necessary for a contract between "BALTA" and another individual or legal entity in your interest, or for the execution of the contract.
  • The transfer of personal data is necessary to establish, exercise, or defend legal claims (e.g., for legal proceedings).

14. Where Can You Submit Complaints Regarding the Processing of Your Personal Data?
If you have any questions or objections regarding our processing of your personal data, we encourage you to contact us first.

However, if you believe we have not been able to resolve the issue and that we are still violating your data protection rights, you have the right to file a complaint with the Data State Inspectorate. You can find complaint templates and additional information on the Data State Inspectorate’s website.

15. Review of the Personal Data Processing Notice
We regularly review and update this personal data processing notice for our clients.
Last review: 07.05.2024